> uname -a
OpenBSD [...] 7.7 GENERIC.MP#2 amd64
> nsd -v
NSD version 4.9.1
> man nsd.conf
...
chroot:
NSD will chroot on startup to the specified directory. Note that
if elsewhere in the configuration you specify an absolute pathname
to a file inside the chroot, you have to prepend the chroot
Original Message
On 7/18/25 12:31, Zé Loff wrote:
> On Fri, Jul 18, 2025 at 09:39:43AM +0000, otto.cooper wrote:
> > Original Message
> > On 7/17/25 23:36, Kenneth Gober wrote:
> > On Thu, Jul 17, 2025 at 11:05 AM otto.cooper
Original Message
On 7/17/25 23:36, Kenneth Gober wrote:
On Thu, Jul 17, 2025 at 11:05 AM otto.cooper wrote:
Because alldirs was the only way to export different paths to specific clients.
/export/folder1 -alldirs client1 client2 client3
/export/folder2 -alldirs client1 client2
Original Message
On 7/17/25 16:09, Kenneth Gober wrote:
On Thu, Jul 17, 2025 at 7:13 AM otto.cooper wrote:
Suppose you are legally bound by the following local policy:
1. /archive is subject to daily backups;
2. all exported folders must be /archive subfolders;
3. not all
> man exports
```
Regarding -alldirs, because NFS mount filehandles are filesystem wide the
-alldirs option applies to exports of the entire filesystem -- even mount
points that are higher up elsewhere in the directory hierarchy. Hence if
the server has a filesystem /export and you wished to expo
```
Original Message
On 6/20/25 01:00, jslee wrote:
> On Fri, 20 Jun 2025, at 08:17, otto.cooper wrote:
> > I see there is no package for the kerberos server...
> >
> > If I were the maintainer, I would apply for a GSOC and supervise a pair
> >
02:35, Ian McWilliam wrote:
>
>
> > On 20 Jun 2025, at 8:56 am, jslee wrote:
> >
> > On Fri, 20 Jun 2025, at 08:17, otto.cooper wrote:
> >> I see there is no package for the kerberos server...
> >>
> >> If I were the maintainer, I would
Original Message
On 6/19/25 21:50, Bjorn Ketelaars wrote:
> On Thu 19/06/2025 18:11, otto.cooper wrote:
> >
> > Original Message
> > On 6/19/25 19:51, Bjorn Ketelaars wrote:
> >
> > > > Is the samba packa
Original Message
On 6/19/25 19:51, Bjorn Ketelaars wrote:
> > Is the samba package broken?
>
> No, the samba package is working. At least as long as you do not need AD DC
> support. Support for the latter has been dropped some time ago because of
> crashes [0].
>
> [
I am afraid of asking.
Suppose your /etc/samba/smb.conf includes the following line.
> server role = active directory domain controller
This is what happens.
```
> doas testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM
```
Suppose you are 99% of the user base and will not even notice this problem.
What is the worst that can happen? What prevented system update from cleaning up
after itself?
Original Message
On 6/17/25 12:13, Stuart Henderson wrote:
> On 2025/06/17 10:02, Manuel Giraud wrote:
>
Happy birthday, and touch your testicles as everybody wishes you to stay safe
on spring's melting ice...
Original Message
On 5/19/25 04:18, Fabio Martins wrote:
> Still the 18th here, so, cheers and happy birthday tomorrow. stay safe.
>
> On 5/18/25 16:07, Mayuresh Kathe
You nailed it!
Original Message
On 5/18/25 00:20, Philip Guenther wrote:
> On Sat, May 17, 2025 at 8:57 AM otto.cooper wrote:
> > If I call /usr/libexec/locate.updatedb directly, the problem does not
> occur.
> >
> > When called by /etc/we
Original Message
On 5/17/25 18:48, Ingo Schwarze wrote:
> Hello Otto,
>
> On Saturday, May 17th, 2025 at 5:30 PM, otto.cooper wrote:
>
> > To avoid indexing large mounted volumes, as well as to focus the
> > locate database, I redefined SEARC
Sent with Proton Mail secure email.
On Saturday, May 17th, 2025 at 5:52 PM, otto.cooper
wrote:
> If I call /usr/libexec/locate.updatedb directly, the problem does not occur.
>
> When called by /etc/weekly, the problem occurs.
>
>
>
> Sent with Proton Mail secure email.
The file /usr/libexec/locate.updatedb defines SEARCHPATHS as "/".
The same file defines a way to configure its operations, by reading
LOCATE_CONFIG="/etc/locate.rc",
from which SEARCHPATHS can be redefined in locate.rc or specified as
--searchpaths.
To avoid indexing large mounted volumes, as
If I call /usr/libexec/locate.updatedb directly, the problem does not occur.
When called by /etc/weekly, the problem occurs.
Sent with Proton Mail secure email.
On Saturday, May 17th, 2025 at 5:37 PM, otto.cooper
wrote:
> Side note
>
> old minimal:
>
> > SEAR
Side note
old minimal:
> SEARCHPATHS="/usr /var"
new minimal:
> SEARCHPATHS="/usr /etc"
because /etc/weekly tests itself.
Sent with Proton Mail secure email.
On Saturday, May 17th, 2025 at 5:30 PM, otto.cooper
wrote:
> The file /usr/libexec/locate.up
On Sunday, April 13th, 2025 at 8:30 PM, H. Hartzer wrote:
> Hi misc@,
>
> I recently acquired a laptop that reports an Atheros AR928X wireless
> card. While it's somewhat usable, I've had a couple of instances
> of "odd behavior," including being unable to upload files reliably
> through Firefox
On Monday, April 14th, 2025 at 11:14 AM, Peter N. M. Hansteen
wrote:
> Just a thought:
>
> if the reason you are setting up two network interfaces on a system to
> connect to the same
> subnet is to use as much as possible of the bandwidth offered by the
> interfaces, would
> it not make more
On Monday, April 14th, 2025 at 11:42 AM, Daniel Jakots wrote:
> On Mon, 14 Apr 2025 09:33:38 +, "otto.cooper"
> otto.coo...@proton.me wrote:
>
> > The problem at hand is how to define the macros ext_if and int_if for
> > a system with multiple interf
On Monday, April 14th, 2025 at 10:03 AM, Janne Johansson
wrote:
> > The problem at hand is how to define the macros ext_if and int_if for a
> > system with multiple interfaces.
> > Neither pf.conf(5) nor "the book of PF" give a working example where the
> > macro holds more than one name.
>
Sent with Proton Mail secure email.
On Monday, April 14th, 2025 at 1:52 PM, otto.cooper
wrote:
> On Monday, April 14th, 2025 at 1:16 PM, Zé Loff zel...@zeloff.org wrote:
>
> > On Mon, Apr 14, 2025 at 01:14:23PM +0200, Peter N. M. Hansteen wrote:
> >
>
On Monday, April 14th, 2025 at 1:16 PM, Zé Loff wrote:
> On Mon, Apr 14, 2025 at 01:14:23PM +0200, Peter N. M. Hansteen wrote:
>
> > Just a thought:
> >
> > if the reason you are setting up two network interfaces on a system to
> > connect to the same
> > subnet is to use as much as possible
Hello,
The problem at hand is how to define the macros ext_if and int_if for a system
with multiple interfaces.
Neither pf.conf(5) nor "the book of PF" give a working example where the macro
holds more than one name.
This is the only existing example of relevant syntax in pf.conf(5):
> ext_i
It is a very well established convention that words represent what they mean,
and their description is found in a good dictionary. If you change the meaning
of a word, in a dictionary of your own, the rest of the world will not
understand what you say.
hostname is a very well established word i
I did read the man pages.
You, on the other hand, you did not read my text, where I wrote about the man
page.
Sent with Proton Mail secure email.
On Monday, March 24th, 2025 at 4:45 PM, Jan Stary wrote:
> On Mar 24 14:40:47, otto.coo...@proton.me wrote:
>
> > Suppose you want to change the
Original Message
On 4/3/25 08:52, otto.cooper wrote:
> Original Message
> On 4/3/25 08:18, Janne Johansson wrote:
>
> > The default route is given by an ip, then the kernel looks up which
> interface contains the network for which
On Monday, March 31st, 2025 at 6:09 PM, Zé Loff wrote:
> Per this configuration, both interfaces are on 192.168.1.0/24: one is
> .11, the other is .12.
> Since routing seems to work properly, I am assuming this was a copy/paste
> error.
No copy/paste error. Perhaps a real error on my side.
Reading hostname.if(5) and ifconfig(8) again, I understand that commands in
hostname.if are executed by ifconfig. Of interest here is the ifconfig command
"group"; hostname.if(8) does not say a word about this command, but it should
work. Of special interest here is the group "egress". hostname.
> You'll also have to tell all the machines in the LAN that their new
> gateway is at 192.168.1.6 (or whatever is the address of the firewall's
> internal interface). Otherwise they'll still be trying to reach
> 192.168.1.1 and won't be able to do so.
> Also, note that if the hosts in the LAN are
elect (none)
status: no carrier
inet 192.168.1.5 netmask 0xff00 broadcast 192.168.1.255
enc0: flags=0<>
index 5 priority 0 llprio 3
groups: enc
status: active
pflog0: flags=141 mtu 33136
index 7 priority 0 llprio 3
groups: pflog
On Wednesday, April 2nd, 2025 at 10:44 AM,
> The easy solution then would be to stick
>
> 192.168.1.1
>
> in /etc/mygate, then run doas sh /etc/netstart or equivalent
Done. No joy.
This is a firewall, I need egress to be on the right interface.
> If you are trying to setup a firewall, Peter Hansteen's "Book of PF" will
> surely help. It is not an absolute requirement, and you can wing it
> just by reading the man pages and asking around for help, but it will
> surely save you some time.
The book is on my desk.
On Monday, March 31st, 2025 at 5:21 PM, Zé Loff wrote:
> Any particular reason for having two different interfaces on the same
> subnet, with the same priority? Can you communicate with machines
> connected to the LAN switch with this setup?
The gateway is on 192.168.1.1, the lan is on 192.168
On Wednesday, April 2nd, 2025 at 5:50 PM, Claudio Jeker
wrote:
> As long as the default route points to ix0 the egress will be in ix0.
This is what I want to understand. Physically, the default route is the
gateway. I am in the firewall, trying to configure a specific interface, to
point at
Original Message
On 4/3/25 08:18, Janne Johansson wrote:
> The default route is given by an ip, then the kernel looks up which
> interface contains the network for which the box can reach this ip in a
> single hop. If it can, the route is now shown to be over this interfac
Lessons learned are gold.
I am still stuck with the basic case of one firewall for one ISP, because in
the PCI bus the interface connecting with the LAN switch (ix0) sits before the
interface connecting with the gateway (em0), causing obsd to assign ix0 to
egress. Attempts to correct this via h
On Wednesday, April 2nd, 2025 at 5:50 PM, Claudio Jeker
wrote:
> egress works. As long as the default route points to ix0 the egress will be
> in ix0.
egress works in the sense that it is singing it and dancing it all by itself,
because if I start the firewall, egress is the LAN which is su
:
> Den ons 2 apr. 2025 kl 17:08 skrev otto.cooper otto.coo...@proton.me:
>
> > > The interfaces the default routes point to are members of the "egress"
> > > interface group. --- ifconfig(8)
> >
> > Note the plural.
> > If I connect all inter
re this is the right piece of
code anyway. What I am trying to do is to pinpoint where, in the code, the
interface is selected for membership to egress.
On Wednesday, April 2nd, 2025 at 12:31 PM, otto.cooper
wrote:
> On all OpenBSD systems around here, the interface with index 1 is the o
> The interfaces the default routes point to are members of the "egress"
> interface group. --- ifconfig(8)
Note the plural.
If I connect all interfaces to the gateway, only index 1 is promoted to egress.
On all OpenBSD systems around here, the interface with index 1 is the only one
in group egress. It seems that OpenBSD blindly does so, based on what interface
comes first at boot time (and its live connection), which depends on its
position on the PCI bus, which ultimately defines its ifconfig "
Thank you for the recommendations. I appreciate it.
> Your LAN does *not* have to be in the same network segment as your ISP
> gateway.
Agreed.
The problem is the conflict that occurs naturally when connecting any two ISPs.
> If your ISP changes the configuration of the gateway it provides, o
> Then all I and Peter Hansteen said stand true. Having both interfaces
> on the same subnetwork won't work easily without unnecessarily
> complicated routing "hacks". Simply move one of the sides of the
> network to a different subnet and go from there.
It has been working for 20+ years and n
specific ISPs and
have a LAN that is resilient to ISP changes?
On Tuesday, April 1st, 2025 at 8:34 AM, Peter N. M. Hansteen
wrote:
> On Tue, Apr 01, 2025 at 07:47:09AM +, otto.cooper wrote:
>
> > > Then all I and Peter Hansteen said stand true. Having both interfaces
>
I think this is the right direction.
On Tuesday, April 1st, 2025 at 8:42 AM, Claudio Jeker
wrote:
> On Tue, Apr 01, 2025 at 07:47:09AM +0000, otto.cooper wrote:
>
> > > Then all I and Peter Hansteen said stand true. Having both interfaces
> > > on the same subnetwork w
> > > > If you are trying to setup a firewall, Peter Hansteen's "Book of PF"
> > > > will
> > > > surely help. It is not an absolute requirement, and you can wing it
> > > > just by reading the man pages and asking around for help, but it will
> > > > surely save you some time.
> > >
> > > The
On Tuesday, April 1st, 2025 at 7:54 AM, otto.cooper
wrote:
> On Tuesday, April 1st, 2025 at 7:52 AM, otto.cooper otto.coo...@proton.me
> wrote:
>
> > > If you are trying to setup a firewall, Peter Hansteen's "Book of PF" will
> > > surely help. It i
gress must contain em0 and em1 only.
Attempts to reconfigure it have failed.
Thank you
Original Message
On 3/31/25 18:39, otto.cooper wrote:
> [Apologies to the non-USA readers for the pedantic text.]
>
> Problem
> ---
>
> In a machine with 4 Ether
On Tuesday, April 1st, 2025 at 7:52 AM, otto.cooper
wrote:
> > If you are trying to setup a firewall, Peter Hansteen's "Book of PF" will
> > surely help. It is not an absolute requirement, and you can wing it
> > just by reading the man pages and asking around
Sorry, when you mentioned a typo I thought you were referring to the content of
hostname.if.
The network is 192.168.1.1/24.
On Monday, March 31st, 2025 at 5:21 PM, Zé Loff zel...@zeloff.org wrote:
> Can you communicate with machines connected to the LAN switch with this setup?
Yes.
[Apologies to the non-USA readers for the pedantic text.]
Problem
---
In a machine with 4 Ethernet interfaces, OpenBSD sets to egress the wrong
interface.
This is the initial configuration:
```
> cat /etc/hostname.em0
inet 192.168.1.11 255.255.255.0 192.168.1.255
up
> cat /etc/hostname.em
```
Hello,
# Q1
Suppose you want to change the host name.
You think of hostname, look for /etc/hostname, and find something unrelated.
The file /etc/hostname does not exist.
The files /etc/hostname.if do exist, but have nothing to do with the host name.
By comparison, in Linux /etc/hostname exist
Hello,
# Q1
Suppose you want to change the host name.
You think of hostname, look for /etc/hostname, and find something unrelated.
The file /etc/hostname does not exist.
The files /etc/hostname.if do exist, but have nothing to do with the host name.
By comparison, in Linux /etc/hostname exis