Re: ddclient failure to start

> On Jul 14, 2016, at 1:53 PM, Brian McCafferty wrote: > > On 07/14/16 19:32, Joe S wrote: >>> On Jul 8, 2016, at 7:44 PM, Ed Ahlsen-Girard wrote: >>> >>> ddclient won't start from rc.d with this configuration: >>> >>> rc.con

Re: ddclient failure to start

> On Jul 8, 2016, at 7:44 PM, Ed Ahlsen-Girard wrote: > > ddclient won't start from rc.d with this configuration: > > rc.conf.local: > > ntpd_flags= > xdm_flags= > httpd_flags= > doas_flags= > ddclient_flags=-file /etc/ddclient/ddclient.conf > pkg_scripts=ddclient > > ddclient.conf: > # Configurat

Re: make release error on 5.8

> On Oct 20, 2015, at 9:26 AM, trondd wrote: > > On Tue, October 20, 2015 11:02 am, Joe S wrote: >> >> since the FAQ didnâ**t mention the need to do this separately. >> > > > Sure it does. 5.3.5 describes building userland and 5.4, about building > t

Re: make release error on 5.8

> On Oct 20, 2015, at 12:54 AM, Philip Guenther wrote: > > On Mon, Oct 19, 2015 at 3:47 PM, Joe S wrote: >> I've just upgraded from 5.7 to 5.8 on amd64 and applied all of the errata >> found at . >> >> I downloaded src.tar.gz and sys.tar.gz from >> f

make release error on 5.8

I've just upgraded from 5.7 to 5.8 on amd64 and applied all of the errata found at . I downloaded src.tar.gz and sys.tar.gz from ftp5.usa.openbsd.org/pub/OpenBSD/5.8 and then applied all of the errata (2015-10-18) from http://www.openbsd.org/errata58.html. I want to make a release, to deploy on o

Re: Ubiquiti EdgeRouter Lite

On Sun, Aug 16, 2015 at 1:47 PM, Ted Unangst wrote: > Predrag Punosevac wrote: > > Dear All, > > > > I am contemplating buying a new machine which will act as a router/DNS > > caching server for my home network. Is anybody currently running OpenBSD > > on the Ubiquiti Networks EdgeRouter LITE in

Re: Question about /etc/mail post 5.6 upgrade

On Mon, Nov 10, 2014 at 8:30 AM, Scott Vanderbilt wrote: > > > These changes came after 5.6 was RTM, and are reflected in -current as of > 15 September or so. > > See http://www.openbsd.org/faq/current.html. > Removing sendmail as outlined above will make things like 'make release' break. I upgra

cpu choice for firewall

I'm looking to build a new mini-itx firewall based on OpenBSD and would like to get some advice on CPU selection. I've seen multiple statements on this list that indicate CPU cache and CPU speed are the most important factors. Sorry if this is a silly question, but which cache is most useful for wh

anything similar to auditd for openbsd

I have auditd configured on a number of linux servers and I'm trying to find something similar for OpenBSD. Any recommendations? Some of the things I'm looking to log: exec, system-wide read,write,move,delete,etc on selected files read,write,move,delete,etc of /etc Thanks.

Re: Performance problems with OpenBSD 4.9 under ESXi 5

On Wed, Oct 19, 2011 at 11:55 AM, Gene wrote: > I'm trying to run OpenBSD 4.9 (amd64) under VMware vSphere 5 (ESXi 5). I > set up four virtual machines with one core, 256 MB of RAM, and 4 GB of disk > > They perform terribly. The load average hovers around 1.5 on all of these What sort of hardw

Re: NIDS on OpenBSD

On Tue, Oct 18, 2011 at 10:31 PM, Wesley M. wrote: > Hi, > > I use OpenBSD 4.9, i'm looking for a good nids. It depends on what you are trying to accomplish. In general OSSEC and Snort are great intrusion detection tools to get started. OSSEC can monitor your logs and can block IP addresses if ce

Re: Question about apmd power savings

On Tue, Oct 18, 2011 at 2:22 PM, Brynet wrote: > Sorry Joe, > > I'm not subscribed to misc@, marc.info is ro, I didn't see your message. > > I worked on K10 freq scaling for my laptop, indeed, it doesn't help much in > terms of measurable power savings.. not as much as I had hoped it might. > > Pl

Re: Question about apmd power savings

On Tue, Oct 18, 2011 at 12:22 PM, Geoff Steckel wrote: > Were you running a CPU-intensive workload on the CPU(s)? Changing the clock > speed of an idle chip won't change the power usage very much in absolute > terms. If the CPU has multiple cores, exercising them all at once may > maximize power u

Question about apmd power savings

This isn't a problem and I'm not complaining, I'm just a bit curious as apmd didn't save me as much power as I hoped for. I noticed that apmd couldn't throttle my cpu in 4.9-RELEASE (amd64). However, since March 2011, -CURRENT recognizes the K10 cpus, so I wanted to try it out apmd on my HP Microse

Re: Quad-Gigabit 1U mini-itx board recommendations?

On Tue, Aug 30, 2011 at 12:00 AM, Joakim Aronius wrote: > I have used Soekris for a few years and are very happy with them. They have a > new board that will start shipping soon: http://soekris.com/net6501.htm > Curious if anyone has tried these boards out. I'm looking for something similar (low

Re: OpenBSD-capable, fanless, diskful computer with ECC RAM

On Fri, Oct 29, 2010 at 5:14 PM, Damien Miller wrote: > Hi, > > Can anyone recommend a small, fanless computer that will accept a HD (perhaps > a 2.5" drive) that uses ECC RAM? Needless to say, it must run OpenBSD. > > Being 64 bit, having accellerated crypto and/or supporting multiple drives > wo

Re: MPLS status questions.

On Wed, Apr 29, 2009 at 12:48 PM, Michele Marchetto wrote: > Il giorno mar, 28/04/2009 alle 20.18 -0400, Daniel Ouellet ha scritto: >> So, I am not sure where this is and I am curious as to what stage it >> might be? > > We are moving things forward. > The current stack have really basic functiona

Re: Where is "Secure by default" ?

On Mon, Mar 9, 2009 at 7:36 AM, irix wrote: > Hello Misc, > > In www.openbsd.org wrote "Only two remote holes in the default > install, in more than 10 years!", this not true. I using OpenBSD > like customer, not like administrator. And my OpenBSD were attacked, > by simple MiTM atta

Re: Article about network monitoring system developed on OpenBSD

On Mon, Feb 2, 2009 at 8:12 AM, Jason Dixon wrote: > On Mon, Feb 02, 2009 at 10:53:45AM -0500, Christopher Linn wrote: >> On Mon, Feb 02, 2009 at 03:29:19PM +, Mikolaj Kucharski wrote: >> > Hi, >> > >> > Few months back (maybe years) there was article posted (I don't think >> > that was on und

Re: Port ZFS to OpenBSD

On Sun, Jan 18, 2009 at 9:24 AM, Antoine Jacoutot wrote: > On Sun, 2009-01-18 at 14:28 +0100, Matthias Kilian wrote: >> On Sun, Jan 18, 2009 at 04:29:37AM -0800, Mike Swanson wrote: >> > > As marco already stated, it could be a kernel module. But it won't. >> > > Why? Because nobody will write it.

Re: PF blocking outbound packets that don't have S/SA flags

On Fri, Nov 21, 2008 at 2:29 PM, Joe S <[EMAIL PROTECTED]> wrote: > On Fri, Nov 21, 2008 at 2:13 PM, Daniel Melameth <[EMAIL PROTECTED]> wrote: > >> Perhaps you're hitting pf's default state limit? If you're going to >> be nmapping, I highly recommend

Re: PF blocking outbound packets that don't have S/SA flags

On Fri, Nov 21, 2008 at 2:13 PM, Daniel Melameth <[EMAIL PROTECTED]> wrote: > Perhaps you're hitting pf's default state limit? If you're going to > be nmapping, I highly recommend doing it from a host that's not > firewalled. Could be. I will look into that. I'm starting to wonder if the error

Re: PF blocking outbound packets that don't have S/SA flags

On Fri, Nov 21, 2008 at 2:11 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > On 2008-11-21, Joe S <[EMAIL PROTECTED]> wrote: >> How do I create a rule to ignore the flags S/SA > > Read pf.conf(5) about flags. > > Thanks. I read everything but that man page. I

PF blocking outbound packets that don't have S/SA flags

OS: OpenBSD 4.4 RELEASE i386 PF is blocking traffic that I want it to pass. I notice this when I run nmap 4.76 (compiled from source). It appears that my packets are being dropped because they don't match the "pass out quick" rule in my pf.conf. I noticed this rule is modified due to the default s

Re: Use a USB flash drive to install a snapshot

On Wed, Sep 17, 2008 at 10:44 AM, Joe S <[EMAIL PROTECTED]> wrote: > Has anyone been able to configure a usb flash drive to boot a snapshot > install? I don't like to burn so many cd's. I tried to install via > PXE, but the laptop I use (Thinkpad X24) doesn't su

Use a USB flash drive to install a snapshot

Has anyone been able to configure a usb flash drive to boot a snapshot install? I don't like to burn so many cd's. I tried to install via PXE, but the laptop I use (Thinkpad X24) doesn't support PXE. I've been able to install 4.3 from usb flash drive thanks to these instructions: http://www.azbsd.o

Re: ascii bandwidth report

. May be this can also > work on OpenBsd (never test it) > > Regards > >> -Message d'origine- >> De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> De la part de Joe S >> Envoyi : mercredi 17 septembre 2008 17:20 >> @ : misc@openbsd.org >> Ob

ascii bandwidth report

Now that my ISP is imposing bandwidth caps, I need to start measuring my usage. Graphs are nice, but I've found that graphs are not really that useful to me. I need something to report what my cummalative usage is in a 30 day period. I'd like the data in some sort of ascii format, but html is ok to

Re: GPL version 4

On Wed, Jul 16, 2008 at 11:06 AM, Morton Harrow <[EMAIL PROTECTED]> wrote: > Our planned release date of GPLv4 is 15th September 2008. That's scary. I'm staying indoors, shutting down any linux/windows pc's and not leaving the house that day.

Sendmail won't use port 587 instead of 25

I can't get sendmail to use port 587 and not port 25, which my ISP Comcast blocks. I've added these lines to my sendmail.mc file, which is a copy of openbsd-proto.mc I've tried this with the openbsd-localhost.mc file also, but no success. ~ define(`SMART_HOST', `smtp.comcast.net')dnl define(`RELA

Re: Identifying Bandwidth Hogs

Check out argus (http://qosient.com/argus/). I've tried ntop, and it's unusable when the network gets busy. On Tue, Jul 8, 2008 at 10:51 PM, David Schulz <[EMAIL PROTECTED]> wrote: > Hello, > > can someone recommend me a good way to quickly determine who on the network > is using up most the Ban

Re: vsftpd [more secure]

no version of ftp software is "secure" Try "man sftp" On Tue, Jun 10, 2008 at 6:45 AM, Saulo Bozzi <[EMAIL PROTECTED]> wrote: > *Name* *Version* > > > > > > vsftpd 1.1.3 > > > > > vsftpd 1.2.2 > > > > > vsftpd

Re: Unbound: a validating, recursive, and caching DNS resolver

On Wed, May 21, 2008 at 10:09 AM, Andris <[EMAIL PROTECTED]> wrote: > I just read about this project, might be of interest: > http://unbound.net/ > > It's developed by Kirei, NLnet Labs, Nominet, and VeriSign; and > released under a permissive free software license: > http://unbound.net/svn/trunk/L

Running -current

I'm running -current on a test host for the first time. I've read FAQ 5, following current, and I watch source-changes. So far so good. Then I noticed a whole lot of recent changes to src. 1. Are there any rules of thumb or guidelines to follow as far as how often I should keep -current, curren

Re: Poor OpenBGPD performances on soekris net5501 ?

On Wed, Apr 30, 2008 at 10:29 AM, Paolo Di Francesco <[EMAIL PROTECTED]> wrote: > 10601 packets received by filter > 9632 packets dropped by kernel This looks like something tcpdump would say. Given the load of device and low cpu power, tcpdump is very likely to drop packets when trying to prin

Re: Linus about C++

On Dec 28, 2007 7:16 AM, Gary Baluha <[EMAIL PROTECTED]> wrote: > On Dec 28, 2007 7:51 AM, Erik Wikstrvm <[EMAIL PROTECTED]> wrote: > > > On 2007-12-28 07:33, Brian Hansen wrote: > > > > [snip] > > > > > Is he right? > > > > Yes and no. First of all you should realise that Linus and most other > >

Question about 4.2 Package availability

I just wanted to confirm the following: If I've installed OpenBSD 4.2 and I need a specific package (in this case, net-smpd) which is not available on the CD, I must wait until 4.2 is officially released. Then I can get the packages I need from the ftp site.

4.1 upgrade problem - im apps logout

After I upgraded to 4.1, I have noticed a new problem. Instant messaging applications will get randomly disconnected for no apparent reason. It seems as though the sessions are timing out somewhere between 30-60 minutes of non-use. Has anyone else ran into this? OpenBSD 4.1-stable (GENERIC) #0:

Re: Locations of stable ports vs current ports

se <[EMAIL PROTECTED]> wrote: > > On Wed, Jun 20, 2007 at 10:05:25AM -0700, Joe S wrote: > > I'm running openbsd 4.1-stable. I'm also using cvsup to get/update > > ports-stable > [snip] > > This site has a nice interface to ports: http://ports.openbsd.nu/

Locations of stable ports vs current ports

I'm running openbsd 4.1-stable. I'm also using cvsup to get/update ports-stable. However, when I browse the ports tree, I found a port that I want, www/rt, but it is not available in my ports tree. I'm guessing this is because it's in current ports and not stable, but how do I tell the difference

Re: dmesg - MacBook Pro

Michael Steinfeld wrote: If anyone cares here's the dmesg from my MacBook Pro. -- OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz cpu0: FPU,PSE,TSC,MS

Re: Sun Ultra 1

Gustavo Rios wrote: Hey folks, i have just installed 3.8 in my sun desktop. It installed ok, 100% perfect. Know, i would like to strip the kernel to the bare minimum and get X It sounds like you come from Linux, where kernels are bloated. OpenBSD is not like Linux. The OpenBSD kernel is not

Re: PF or BPF

Dave Feustel wrote: What can BPF do that PF can not? Thanks, Dave Feustel One is a packet sniffer, one is a firewall. However, you are not qualified to operate such tools. Please disconnect your keyboard from your PC.

Re: X11 exploit info

Dave Feustel wrote: On Saturday 11 February 2006 10:59, Roman Hunt wrote: Dude what is your major f*&^%! malfunction? Years ago this sh!^ would've never been allowed to fly on this list. Sorry. I don't intend to offend or to irritate. Just out of curiosity, how old are you? Also, to which p

Re: QUESTION ABOUT PPP.LINKUP AND PF

Brian Shackelford wrote: We have /etc/ppp/ppp.linkup and in that is a section like this: ! sh -c "pfctl -e -f /etc/pf.conf" My ppp.linkup has this: ! sh -c "/sbin/pfctl -ef /etc/pf.conf" and it works.

Re: The Apache Question

RedShift wrote: Hi everyone I've noticed OpenBSD still uses Apache httpd 1.3. While it is good that on the OpenBSD side of things, it is maintained and there's an additional focus on security for httpd. However, sooner or later, httpd 1.3 *will be deprecated* in favor of newer versions (2.0, 2.2

Re: sysctl hw.sensors question

Denny White wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Today Stuart Henderson spake forth boldly: On 2006/02/04 20:43, Denny White wrote: hw.sensors.11=lm0, Temp3, temp, 127.50 degC / 261.50 degF hw.sensors.0=nsclpcsio0, TSENS1, temp, 127.00 degC / 260.60 degF hw.sensors.1=nsclpcsi

Re: OpenBSD hardware router

Tim Donahue wrote: On Thursday 02 February 2006 15:54, Darrin Chandler wrote: Kenny Mann wrote: I'm looking for something that which I can slap OpenBSD 3.8 on and use it as a router. This will be used for a house (~ 4 people) and I'm looking for You could look at www.soekris.com. They're under

learning to code - suggestions needed

Hello list members. I'd like to direct this post to those that develop code for OpenBSD. I'd like a start developing software, and in turn, contribute to projects like OpenBSD and others. Right now, I'm working as a sysadmin/infosec person. I can write some simple perl and shell scripts, but

Re: Nokia IP330 OpenBSD 3.8 Information and Installation Assistance

NetNeanderthal wrote: Hi misc@, Background I am yet another Nokia IP330 owner seeking help to put a real OS/Firewall onto one of these devices. I have a handful of these at my disposal, all with AMD K6-2 400MHz CPUs, 1 SDRAM bank with 256MB of CAS2 PC100 ECC SDRAM (the other is empty), 2xdc NIC

Re: PPPoE and static IP block

SBC equipment with an OpenBSD box. Get the WAN IP from SBC's tech, or this is trivial to do. I run SBC static and use OpenBSD for PPPoE and pf. This *should* be simple, but it's not. SBC no longer provides WAN IPs for home users that want static. You get a a single block of "sticky" IPs. A

PPPoE and static IP block

I have new static IP ADSL service from SBC. SBC assigns a /29 netblock once authenticated via PPPoE. The ISP routes all traffic for the IP block down the same PPP session, and the last usable IP is the gateway. I plan to assign the static IPs to some of my servers. I'm not sure how to setup th

Re: OpenBSD Desktop Document

Roy Morris wrote: I have been working on a document for newbies that helps them put together a basic/functional desktop under OpenBSD. If anyone has time, I'd like feed back. www.openalternatives.com/OpenBSD/OpenBSD-Desktop.pdf Thanks Roy 1. I'd get rid of the rdate cron job and just turn on

Re: Make a backup

Abel Talaversn Estevez wrote: Hi all, I'm using OpenBSD in a firewall which runs 3.6 and I want to upgrade it from 3.6 to 3.7. This does not answer your question, but I'd recommend going to 3.8 if you can.

Interrupts on quad nics

Since some quad nics share 1 interrupt, what kind of performance impact would I be dealing with versus using 4 indiviual nics? Debating wehter to use a Phobox P430TX quad dc nic or individual fxp0 nics.

Re: Sun Ultra 5 as a firewall?

Jason Dixon wrote: Unless you've got a DS-3 or better, why does it matter? 1 interface is for the ADSL connection. I'm not worried about that. 2 interfaces are local networks. It's the throughput between those 2 that I noticed a bit of a bottleneck. It's not *that* bad. It's more suprising t

Re: Sun Ultra 5 as a firewall?

Joe S wrote: questions on the list. Why not just setup a test network and run iperf against it? After doing my own tests, I found that the Ultra 5 was too slow to perform near wire-speed throughput. TEST 1 - Sun Ultra 5 360MHz dc0 and dc1 are Phobos 430TX quad nic, PCI card [ 4] 0.0

Re: DTrace

Gustavo Rios wrote: Does OBSD support something like Solaris DTrace? Thanks. No, but it will be availalbe in FreeBSD soon.

Re: Sun Ultra 5 as a firewall?

There's no way for anyone to know without describing your throughput. My apologies. I forgot to include that information. This is stricly a home network. I am not concerned about the throughtput between my network and the internet, but rather between local networks. I'll post my iperf resul

Sun Ultra 5 as a firewall?

Is anyone on the list running an Ultra 5 as firewall? I would like to move my firewall from an overpowered P4-3GHz box to a Sun Ultra 5 360MHz. My main concern is wondering if the Ultra 5 is slow enough to become a bottleneck from one interface to another interface. However, I know some of you

Re: squid mime-type blocking

Florian wrote: Hi When I try to allow only a few mime-types, I only get an "access denied" Is there a way ? Are you telling squid to re-read it's configuration? # squid -k reconfigure -joe

Re: IDE disk problems

[EMAIL PROTECTED] wrote: On Tue, Oct 04, 2005 at 07:46:01AM -0600, Steve Harding wrote: The thing that has been bothering me is that I replaced a drive 2 months ago because of similar errors, and wd3, which is now showing errors, is a brand new drive. Then perhaps something else, like the ca

squid-2.5.STABLE11.tgz

I'm running OpenBSD 3.7-STABLE. I'm trying to find an updated package: squid-2.5.STABLE11-transparent.tgz I checked /pub/OpenBSD/3.7/packages/i386 of a few FTP servers and only found squid-2.5.STABLE11.tgz. I noticed that squid-2.5.STABLE11-transparent.tgz is available for 3.6, but not 3.7.

Re: The value of this list

Gaby vanhegan wrote: Hi, I'd just like to say how useful this list is. Even though I don't contribute to it much, my lurking for the last few years has enabled me to solve many, many problems, based on the useful snippets that are passed around on this list. For example, Zope was causin

Egress filtering on PF

Is it better to apply egress filtering rules on the internal interface of the firewall or the external interface? A snippet of my rules look like this right now: (I'm filtering on both interfaces) pass in quick on $int_if inet proto tcp from $int_if:network to any port $tcp_ports modulate stat

Re: is there a way to block sshd trolling?

John Marten wrote: There's got to be a better way, and I'm open to suggestions. Use public key authentication to start with. It's very easy to setup and much more secure than password authentication. With public key authentication, passwords will never work. You might also want to make it a

Re: is there a way to block sshd trolling?

[EMAIL PROTECTED] wrote: My only question is what if I traceroute to you, find out the IP number of your upstream router? Then I make a bunch of connection attempts to your IP but forge the packets to make them look like they came from your upstream. Don't *you* end up blacklisting your defa