Re: help

2010-11-08 Thread Joe Warren-Meeks
On 8 November 2010 10:46, steve wrote: > help I need somebody.

Re: Enough is enough!

2010-11-02 Thread Joe Warren-Meeks
Srsly, if bsdmaster goes, I'm going too. How could OpenBSD survive without him! Quick to www.haiku-os.org ! -- joe.

Re: 4.8 arrival!

2010-10-29 Thread Joe Warren-Meeks
On 29 October 2010 04:08, Theo de Raadt wrote: >> Would you please consider uploading an iso image of your OpenBSD >> 4.8 to some public tracker such as thepiratebay.org? > > 4.8 is not yet released. > >> If you are unfamiliar with the process of making an iso-image out >> of a CD, or if you need

Re: OpenBSD 4.6 + carp + pf + pfsync lockup

2010-09-09 Thread Joe Warren-Meeks
2010/9/9 Martin Pelikan : Hello Martin, > I thought the same when I played with TCP buffers set to 1M and after > some heavy load tests I went out of RAM quite soon :-) The machine had > 2G. Well, the machine has 6Gb of RAM and is only pushing 10Mbit/s of traffic at peak. It does need to maintai

OpenBSD 4.6 + carp + pf + pfsync lockup

2010-09-08 Thread Joe Warren-Meeks
Hey guys, I'm running two HPDL360 G5 servers with OpenBSD 4.6+carp+pf+pfsync as an active/passive firewall pair. Both are running: (full dmesg at bottom, along with edited pf.conf, in case it's relevant) j...@f2:/home/joe> uname -a OpenBSD f2 4.6 GENERIC.MP#81 amd64 I've had a weird problem hap

Re: IPSec to Checkpoint

2008-11-13 Thread Joe Warren-Meeks
On Wed, Nov 12, 2008 at 07:13:05PM +0100, Hans-Joerg Hoexer wrote: > Support for specifying aes key sizes was added february 2008, thus 4.2 > does not provide this. Ah, thought so. Well, I got it working by reverting back to using the old isakmpd.conf method. Thanks for your time. -- joe. Fi

Re: IPSec to Checkpoint

2008-11-12 Thread Joe Warren-Meeks
On Wed, Nov 12, 2008 at 02:35:35PM +0100, Claer wrote: Hey there, OK, so I've switched to ipsec.conf and it is alot easier! However, I'm still struggling to use aes 256. I have the following: ike esp from 195.24.xxx.x/25 to 62.232.yyy.y/27 \ local 195.24.aaa.aa peer 62.232.bbb.bbb \ main auth

Re: IPSec to Checkpoint

2008-11-12 Thread Joe Warren-Meeks
On Wed, Nov 12, 2008 at 02:35:35PM +0100, Claer wrote: Hey there, > I don't know if your isakmpd.conf is good or not. The general > part seems good. But I'm wondering why you are not using the new > configuration file (/etc/ipsec.conf) It's much easier to use and to > maintain over time. For you

IPSec to Checkpoint

2008-11-12 Thread Joe Warren-Meeks
Hey guys, I'm struggling to get isakpmd to talk to a checkpoint firewall I need the following parameters General IKE Properties = AES-256 with SHA1 IKE Phase 1 SA = Group2 (1024 bit) IKE Phase 1 SA renegotiation = 1440 IKE Phase 2 SA renegotiation = 3600 The network layout looks as follows: Ou

Re: "ping: sendto: No buffer space available" when using bittorrent or another p2p

2008-07-22 Thread Joe Warren-Meeks
On Mon, Jul 21, 2008 at 10:53:23AM -0600, Daniel Melameth wrote: > On Mon, Jul 21, 2008 at 10:39 AM, Joe Warren-Meeks <[EMAIL PROTECTED]> wrote: > > The default limit for number of states is quite low. Try adding the > > following to pf.conf and running pfctl -vf /etc/pf.con

Re: "ping: sendto: No buffer space available" when using bittorrent or another p2p

2008-07-21 Thread Joe Warren-Meeks
On Mon, Jul 21, 2008 at 03:55:41PM +0200, Amaury De Ganseman wrote: Hey there, > I run OpenBSD 4.3 on my gateway. But when a machine behind the > NAT/gateway uses bittoreent (or gtk-gnutella) I loss packets. > For example when I try to do a ping www.google.com I can see "ping: > sendto: No buffe

Re: Multiple FTP servers behind firewalls

2008-06-05 Thread Joe Warren-Meeks
On Wed, Jun 04, 2008 at 06:06:47PM -0400, Calomel wrote: > Joe, > > We have used a CARP firewall (two machines in failover and not > load balancing) in front of a dozen ftp servers. We use 12 different > ip addresses in total. One ftp-proxy for each CARP interface and > forwarding the traffic to o

Multiple FTP servers behind firewalls

2008-06-04 Thread Joe Warren-Meeks
Hey guys, I have a a pair of OpenBSD firewalls, using carp+pf protecting all our services. Now, we are going to end up in a situation where we need to have multiple separate ftp servers behind these firewalls (one per project). Currently I'm thinking of creating a new CARP interface on the extern

Re: NAT Rules

2008-05-22 Thread Joe Warren-Meeks
On Thu, May 22, 2008 at 06:18:21PM +0100, Joe Warren-Meeks wrote: Hey there, > We have two seperate datacentres, one using 172.16.1.0/24 and the other > using 172.16.2.0/24. In front of both are NAT'ing OpenBSD firewalls, > using something like: > > nat on $ext_if from -&

NAT Rules

2008-05-22 Thread Joe Warren-Meeks
Hello there, We have two seperate datacentres, one using 172.16.1.0/24 and the other using 172.16.2.0/24. In front of both are NAT'ing OpenBSD firewalls, using something like: nat on $ext_if from -> ($ext_if:0) (Where prv_net contains the netblock of that datacentre). Now, I would like that NA

Re: PF, CARP and ospfd

2008-05-19 Thread Joe Warren-Meeks
On Mon, May 19, 2008 at 05:03:37PM +0100, Joe Warren-Meeks wrote: > hey guys, > > I have a couple of firewalling routers, running > OpenBSD 4.2 + pf + carp + OpenOSPFD. I've realised my problem. Using the internal carp interface assures that routes will only be announced when it

PF, CARP and ospfd

2008-05-19 Thread Joe Warren-Meeks
hey guys, I have a couple of firewalling routers, running OpenBSD 4.2 + pf + carp + OpenOSPFD. Similar to the below: | | |.2|.3 192.168.1.0/24 | .1(CARP addy) | ------ | fw1 |

Re: 4.2 and em(4)

2008-04-14 Thread Joe Warren-Meeks
On Mon, Apr 14, 2008 at 05:38:21PM +0200, Jordi Espasa Clofent wrote: Hey there, > According several messages I've read from Henning or Daniel in present > and @pf list, there are not any benefits in run PF with MP kernels (and > multi-processor boxes, of course). Even you can get a poor perfo

4.2 and em(4)

2008-04-14 Thread Joe Warren-Meeks
Hey guys, I have a pair of firewalls running fully patched OpenBSD 4.2. These are DL140s and i have the optional quad gigabit ethernet card in them. Now, whenever I use the GENERIC kernel, all is well. However, if I switch to the GENERIC.MP kernel I lose connectivity and get em0: watchdog timeout

Re: HP DL140

2008-04-09 Thread Joe Warren-Meeks
On Wed, Apr 09, 2008 at 11:16:12AM +0200, Raimo Niskanen wrote: > Which generation of DL140? > I know there were some problems with the G3, but it did boot. I think it is the G3. It is the latest generation. > > several times and it just hangs after uncompressing the kernel, right > > before th

HP DL140

2008-04-09 Thread Joe Warren-Meeks
Hey there, Anyone had any truck installing OpenBSD on an HP DL140? I have tried several times and it just hangs after uncompressing the kernel, right before the copyright message from the kernel. Anyone know the magic cockerel wave to get them to boot? (Note, using 4.2 release) Thanks. -- joe

Re: ftp-proxy and carp

2008-03-13 Thread Joe Warren-Meeks
On Wed, Mar 12, 2008 at 12:28:00PM +, Joe Warren-Meeks wrote: > Hey chaps, > > I have a pair of OpenBSD firewalls running CARP Thanks for your help guys. -- joe. Daddy, can we play a game of brinkmanship?

ftp-proxy and carp

2008-03-12 Thread Joe Warren-Meeks
Hey chaps, I have a pair of OpenBSD firewalls running CARP $ uname -a OpenBSD ns-gs-fw2.host.nativ-systems.com 4.2 NS-GS-FW#0 i386 They both have internal and external addresses and an internal carp and external carp address shared. Now, they are protecting an FTP server that I want to allow ac

Re: FOSDEM 23/24 Feb Brussels

2008-02-22 Thread Joe Warren-Meeks
On Fri, Feb 22, 2008 at 12:08:14PM -0500, Douglas A. Tutty wrote: > Now, is a Flemish Cap: > > a. a distinctive head wear > b. a shallow area east of the Grand Banks > c. What Belch people call the head on the beer > d. all of the above > e.

Re: Remote Admin Card - Dell DRAC or HP ILO2 ?

2008-02-22 Thread Joe Warren-Meeks
On Thu, Feb 21, 2008 at 08:10:16PM +0100, Nick Nauwelaerts wrote: > I don't really see how this is related to openbsd, but ilo2 wins hands > down to drac, but has a costly advanced license. > Installing openbsd through ilo2 virtual cd works just fine btw. I thought you only needed the license if

HP Network cards

2008-02-18 Thread Joe Warren-Meeks
Hey guys, Is either HP ProLiant NC364T[0] or the NC360T (one quad gigabit ethernet, the second dual gigabit ethernet) supported under openbsd? I checked http://www.openbsd.org/i386.html#hardware which would indicate not, but I just wanted to double check here. If not, can anyone point me at a go

Re: OpenBSD and DR site planning

2008-02-15 Thread Joe Warren-Meeks
On Fri, Feb 15, 2008 at 09:12:19AM -0800, Rami Sik wrote: Hey there, > some of the services we are providing. These services include > http/https/smtp/pop3/imap. We have a number of different domains for > each service. For per protocol or per service failover, you'll need to do something lik

Re: OpenBGPD

2008-02-15 Thread Joe Warren-Meeks
On Fri, Feb 15, 2008 at 05:41:26PM +0100, Henning Brauer wrote: Hey there, > you just found it ;( > no seperate one, we didn't really see a need. Fair enough :-) > > Failing a mailing list, can anyone point me at any howtos? The man pages > > are great, but some examples would be nice. > > j

OpenBGPD

2008-02-15 Thread Joe Warren-Meeks
Hey guys, Is there a mailing list for OpenBGPD? I'm about to kick off a project to build a 2nd datacentre and we are going to move to PI space with two seperate transit providers and am planning on using OpenBGPD/OpenBSD. Failing a mailing list, can anyone point me at any howtos? The man pages ar

Re: 4.1 Hacked? Some interesting hashes

2008-02-11 Thread Joe Warren-Meeks
On Mon, Feb 11, 2008 at 04:34:18AM -0800, Manuel Ravasio wrote: Hey there, > Ok, I did understand THAT. > What I'm still missing is the relationship (if any) between a couple of > hashes and a possible breach in OBSD... Well, if the guy genuinely had an exploit and wanted to keep the mechanism

Re: Inexpensive networking.

2008-02-07 Thread Joe Warren-Meeks
On Thu, Feb 07, 2008 at 12:32:20PM -0500, Douglas A. Tutty wrote: Hey there > What speed is normal house-hold "high-speed" internet anyway? This > would be the best that most students would have experienced. Remote directory: /pub/OpenBSD/4.2 ftp> get xenocara.tar.gz local: xenocara.tar.gz rem

Re: Network Slowness Proliant DL380 G4

2008-02-07 Thread Joe Warren-Meeks
On Thu, Feb 07, 2008 at 03:04:13PM +, Stuart Henderson wrote: Hey there, > recvspace and sendspace do *nothing* to packet-forwarding > performance. they affect only locally sourced/sinked traffic. Ah yes, of course. So, is there anything I can do, or need to do, to ensure good throughput? O

Re: Network Slowness Proliant DL380 G4

2008-02-07 Thread Joe Warren-Meeks
On Wed, Feb 06, 2008 at 07:19:03PM +0100, Pete Vickers wrote: Hey there, > OpenBSD's bge driver sucks big time, typical symptoms are very slow > transfers, and incrementing errors (netstat -i). > You can confirm this by booting $other_os_boot_cd and retesting. Ah, I was unaware of this. I've g

Re: ftp.openbsd.org?

2008-02-04 Thread Joe Warren-Meeks
On Mon, Feb 04, 2008 at 03:40:50PM +0100, xavier brinon wrote: > man pages too www.openbsd.org too. That'd explain spamd-setup ftp connect timeouts all over the place :-) -- joe. Every single day we have to wait at Edgware Road.