On 12 Dec 2008, at 17:10, Michiel van der Kraats wrote:
oscommerce works but is a mixed bag.
I've heard similar things about osCommerce. I have been recommended
this:
http://www.shopify.com/
If you can let go of the hosting then it looks rather sweet.
G.
--
Imagine there were no hypot
On 4 Apr 2009, at 21:01, Manuel Carrasco wrote:
> I don't know too much, so I am here, asking if somebody can help me,
> the
> basics.
Try this:
http://openbsd.org/faq/
This will serve you very well.
--
When I die I want to go peacefully in my sleep like my Grandfather,
not scream
On 7 Apr 2009, at 20:32, Jose P.G wrote:
Hi, I am logged as root and when I try to enable "Internet",
"games"... and
I press "close" it doesn't work, it stays inactive. Somebody could
help
me? I don't understand why this is happening.
And:
Hi, I have installed openbsd 4.4 with gnome an
On 11 May 2009, at 22:40, Marco Peereboom wrote:
On Mon, May 11, 2009 at 03:24:15PM -0500, James wrote:
Here is your Topic of the Month. Please log in at http://www.jesus4athiest.org
Topic: Is Jesus God
peace-james
no
But at least he uses a DOCTYPE tag.
--
On 27 May 2009, at 16:54, Bob Beck Via Secure Email wrote:
Hi this is bob. really.
I can haz Ur Passwordz plz?
Yes, my passwords are: god, sex and please.
ohai, and Ur bank accountz and sinz too?
Account no. 7337h4x0r5, my SIN is one of omission.
I'm trusting you with these so don't do an
On 27 May 2009, at 17:38, bofh wrote:
> On a post it in her drawer (and no, I will not be drawn into a
> discussion of the possible meanings of "drawer" in the .us vs .uk
> versions).
Something about rifling through her drawers
--
When I die I want to go peacefully in my sleep like my Grandfa
I have a machine that is running 4.3 bsd.mp, MySQL and one single site
of PHP scripts which keep crashing. The frustrating thing is that it
doesn't panic the kernel so I can't get any DDB output, the machine
just locks up. Looking at it over the KVM it just shows the login
prompt with the
On 8 Jun 2009, at 16:46, Josh Grosse wrote:
> On Mon, 8 Jun 2009 15:56:48 +0100, Gaby Vanhegan wrote
>
>> Any suggestions about how I can try and figure out what's killing
>> it?
>
> If sysctl ddb.console=1, and the OS is still accepting interrupts
> from th
I'm having an annoying time trying to make MySQL run with a large
amount of buffer memory. I have 4Gb of RAM and 8Gb of swap and I need
to increase the data size limit for the _mysql login class. Currently
it's set to unlimited but it doesn't seem to be coming through to the
_mysql login
Thanks for getting back to me so swiftly, I've been banging my head
against this for a couple of days now... :(
On 9 Jun 2009, at 22:06, Daniel Ouellet wrote:
Gaby Vanhegan wrote:
I'm having an annoying time trying to make MySQL run with a large
amount
of buffer memory. I have
On 9 Jun 2009, at 22:43, Daniel Ouellet wrote:
If I may ask, why would you really want to get a 2GB buffer?
The app generates a lot of database traffic, as well as doing some
fairly large transactional queries, hence the need for InnoDB. MySQL
queries keep failing with lack of memory er
I've been googling around for any information about OpenBSD on this
hardware. I want to get up and running in 64bit mode but the only
thread I've found about this chip in a Dell R200 server was about
having problems with a 4.1 install.
Am I likely to hit any problems installing 4.5 on a Xe
On 16 Jun 2009, at 12:42, Toni Mueller wrote:
I've been googling around for any information about OpenBSD on this
hardware.
hmmm I can only tell you that "it works" on an X3230 (Supermicro,
though). The machine works for me since a few months now.
Getting a test machine that you can keep if i
On 16 Jun 2009, at 14:19, Marco Peereboom wrote:
Works fine. Theo uses a pair as bgp boxes.
Are they used in 64bit mode?
G.
--
Being drunk is feeling sophisticated without being able to say it.
http://www.playr.co.uk/
On 16 Jun 2009, at 14:30, Gaby Vanhegan wrote:
> On 16 Jun 2009, at 14:19, Marco Peereboom wrote:
>
>> Works fine. Theo uses a pair as bgp boxes.
>
> Are they used in 64bit mode?
Of course I realise now the complete and utter stupidity of this
question. Please ignore.
(An
Does anybody know the status of large memory support in 4.5/amd64? I
found this about 4.4 not finding the full 4GB:
http://kerneltrap.org/mailarchive/openbsd-misc/2008/12/15/4420904
And this about bigmem causing boot failure:
http://kerneltrap.org/index.php?q=mailarchive/open
On 22 Jun 2009, at 14:58, Thomas Pfaff wrote:
On Mon, 22 Jun 2009 12:37:08 +0100
Gaby Vanhegan wrote:
I have a machine with 4GB RAM and a quad core Xeon processor. Will
it
be able to see the full 4GB of RAM or will I have to tweak bigmem,
either by building a custom kernel (really don
On 7 Mar 2008, at 11:49, arthur wrote:
> I am loading cd43.iso from ftp.openbsd.org and it is 4.2k/s.
> Anything wrong,
> or just too busy.
>
> Loading from FBSD is 146k/s so it is not problem with my internet.
You could try using a more local mirror?
http://www.openbsd.org/ftp.html
Ga
On 21 Dec 2006, at 20:02, Daniel Ouellet wrote:
> Any valid feedback on the security and stability of this one on
> OpenBSD, or any other prefer. I am looking more for security and
> stability oppose to bell and whistle and features.
I was under the impression that TinyMCE, and other htmlarea
On 21 Jan 2007, at 17:58, bofh wrote:
> And along those lines, some simple photo album type thingy? SWMBO
> wants to put something up for family members to see, and I prefer not
> to use one of those big commercial things.
http://vanhegan.net/software/microalbum/
Disclaimer: I am the author o
On 25 Jan 2007, at 03:52, Darren Spruell wrote:
> On 1/24/07, chefren <[EMAIL PROTECTED]> wrote:
>> On 1/25/07 1:34 AM, Passeur wrote:
>> > We are in the process of developing a PHP framework with a web
>> frontend to
>> > manage the OpenBSD settings through a web browser.
>> > A friend advised
Hi,
Reading the security advisory for the ipv6 buffer issue, the
workaround is to block inet6 traffic in pf.conf. My default block
line is actually:
block in on $ext_if
Where $ext_if is the net connection (the only network connection the
machine is plugged into). Is the rule:
block in i
On 5 Sep 2007, at 18:13, Nick Guenther wrote:
> On 9/5/07, Josef Stalin <[EMAIL PROTECTED]> wrote:
>> communism is good, openbsd comrades.
>>
>> it is very nice.
>>
>
> Party on.
In communist russia, OpenBSD develops you!
--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/
Hi,
I'm struggling to make femail work in the Apache chroot. I made
mini_sendmail work from ports, but this isn't ideal as it requires sh
inside the chroot, so I've done away with that idea. femail is the
suggested alternative but I have had no success in making it work.
I have compiled t
On 3 Jun 2006, at 17:03, Clint M. Sand wrote:
> So all I have to do is *TRY* to login as you on another machine and
> your
> original legit connection is dropped?
>
> Think about this.
Only successful logins would update the IP associated with that
login. Failed login attempts would do nothi
On 4 Jun 2006, at 15:55, Nick Guenther wrote:
> Being more restrictive will just end up being a pain. For example,
> maybe two friends want to share a connection, so the first gets on and
> then after a bit passes it off to the second who changes their IP and
> MAC to match, but then bam, they can'
Hi,
What are my options for encrypting wireless traffic between client
and access point, where the access point is an OpenBSD box with a
supported wireless card? Does it just depend on what encryption
methods the card supports?
I'm not that bothered about people getting onto the network, a
On 5 Jun 2006, at 21:14, Spruell, Darren-Perot wrote:
> From: [EMAIL PROTECTED]
>> WEP is pretty much out, WPA isn't supported, IPSec is probably too
>> complicated for the general public to get going, and that's about
>> it. If I can't do it in OpenBSD, I may have to use a
>> separate access poi
On 5 Jun 2006, at 23:05, Spruell, Darren-Perot wrote:
> Recent FreeBSD has WPA(2?) support or you could pick up a $50 WAP
> to provide
> it too. Don't know if there's anything with good security and good
> ease-of-client-setup outside of that...
It's always the trade-off between ease of use and s
On 6 Jun 2006, at 09:40, Stuart Henderson wrote:
>> You'd be sniffing encrypted traffic at that point, right?
>
> Not if you poison ARP, since the traffic will be directed
> to your MAC address and the AP will send it encrypted with
> your key. It's just an ethernet-type network, remember.
> (You
On 6 Jun 2006, at 17:12, Spruell, Darren-Perot wrote:
> My understanding is that the key shared by the WLAN nodes in WPA-
> PSK is used
> to generate session keys, which are then cycled on a frequent basis
> (by
> TKIP, if configured on WPA1) or another method that escapes me on WPA2
> (802.11i
On 6 Jun 2006, at 19:37, Spruell, Darren-Perot wrote:
> I understand. You're not saying anything regarding intercepting an
> existing
> session and accessing the data; it's akin to getting an Ethernet
> cable on a
> LAN (since you have the PSK for authentication) and negotiating a new
> commun
On 6 Jun 2006, at 21:21, Spruell, Darren-Perot wrote:
> No. In the scenario Stuart was describing, there's no decryption to
> occur.
> The originally encrypted traffic is still safe, but when you pop in
> and say
> "hi, I'm such-and-such IP, honest", the WAP happily negotiates a
> new sessio
On 7 Jun 2006, at 13:33, Eliza Mazur wrote:
> I would like to get additional information about a spam complaint
> that was
> posted by your company. Do you have a specific department that
> handles
> these sorts of inquiries, or should I send the details regarding
> this matter
> direct to
Has anybody any good/bad experiences to report with:
http://www.ebuyer.com/UK/product/50127
Netgear WG311 Wireless PCI card
The reviews seem to rate them, it's listed as supported hardware and
it's less than #30. Any reason I shouldn't get one of these to go
with a 3.9 box?
Gaby
--
Junkets for
On 8 Jun 2006, at 09:36, Andy Hayward wrote:
> Edimax EW-7128G
> http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=152539
Can't argue with that price! Thanks!
--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
Just an idle thought: are there any plans to put information from
bioctl into some sensors that would be accessible by sysctl -a? It's
(marginally) easier to parse information from the sysctl output than
from bioctl itself.
Gaby
--
Junkets for bunterish lickspittles since 1998!
http://www.
On 15 Jul 2006, at 15:48, Soner Tari wrote:
> I have time-based pf rules using cron and anchors (such as to restrict
> HTTP access after hours). But as you can guess, they do not survive a
> reboot. Is there any solution?
Create a script that works out what the rules should be at any given
time
So, I have this disk setup:
# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a     49.2G    1.6G   45.2G     3%    /
/dev/sd0g      181G    2.0K    172G     0%    /backup
/dev/sd0f      167G    549M    158G     0%    /home
/dev/sd0e      9.8G   12.0K    9.3G     0%    /tmp
On 16 Aug 2006, at 06:24, Theo de Raadt wrote:
> If you are stuck on SATA, the Areca stuff is a few weeks away from
> totally rocking. And it is cheap.
I can see that these guys also freely provide API documentation and
code:
http://www.areca.com.tw/support/index/dc1120.htm
Does this
On 16 Aug 2006, at 15:58, Bernd Schoeller wrote:
>>> If you are stuck on SATA, the Areca stuff is a few weeks away from
>>> totally rocking. And it is cheap.
>>
>> Does this mean that it will be supported by bioctl soon?
>
> Is there any other way to understand Theo's comment? ;-)
Huzzah for ope
On 16 Aug 2006, at 15:58, Bernd Schoeller wrote:
>>> If you are stuck on SATA, the Areca stuff is a few weeks away from
>>> totally rocking. And it is cheap.
>>
>> I can see that these guys also freely provide API documentation and
>> code:
>>
>> http://www.areca.com.tw/support/index/dc1120.
On 30 Aug 2006, at 19:51, Torsten Geile wrote:
> mail -a file -s "test" recepient >.
>
> would do it, but actually in my case it doesn't.
I think you have to send it in base64 encoded form, with a few added
headers. What's simpler would be to put it in some publicly
accessible place (like a
On 30 Aug 2006, at 20:08, Gaby Vanhegan wrote:
> I think you have to send it in base64 encoded form, with a few added
> headers. What's simpler would be to put it in some publicly
> accessible place (like a website) and send the URL to the file rather
> than the file itself.
On 8 May 2008, at 20:24, Theo de Raadt wrote:
> Perhaps some who watch the commit logs have already figured out that
> most of the network developers are currently involved in a week-long
> network hackathon in Japan.
>
> A bit more information about this can be found at
> http://openbsd.org/hacka
We had a drive failure on a RAID5 (LSI MegaRaid SATA 150-4) volume in
our server (OpenBSD 4.1/x86). The hot spare kicked in and the volume
rebuilt fine after a successful fsck in single user mode. We put in a
new drive as the new hot spare:
# bioctl -Div ami0
bioctl: cookie = 0xd2a23c10
b
On 18 Jun 2008, at 16:51, Marco Peereboom wrote:
> As far as I know I fixed the hot-spare thing on ami. If that is not
> the
> case let me know.
I booted into the card's BIOS and confirmed that the drive was marked
as hot spare. It seems to have worked, and this is on 4.1 as well.
Thanks!
I'm really having an incredibly painful time with MySQL on 3.9. Has
anybody had a problem getting MySQL 4 or 5 to play happy? I've read
these pages:
http://www.openbsdsupport.org/mysql.htm
http://monkey.org/openbsd/archive/misc/0411/msg03296.html
http://marc.theaimsgroup.com/?l=openbsd-misc&
Hi,
Although the mail archives have little on the topic, as does google,
are there any major security concerns I should be aware of when
installing mod_dav under the stock OpenBSD apache1.3, with apache
chrooted?
Gaby
--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk
On 3 Dec 2006, at 21:12, Pete Vickers wrote:
> I've used it problem free with osx & windows clients; it should
> probably only be available only over https,
Amusingly, that's almost the exact same setup I ended up with :)
I also had a non-ssl site serving from the same web root and denied
a
On 25 May 2005, at 05:34, Sean Brown wrote:
On May 24, 2005 9:43 am, Gaby vanhegan wrote:
On 24 May 2005, at 16:00, Gaby vanhegan wrote:
Is there a similar burn-testing app that I can run on OpenBSD to test
the stability of the machines over a 12 day period?
I should have mentioned that
On 26 May 2005, at 16:00, Oliver J. Morais wrote:
* Gaby vanhegan <[EMAIL PROTECTED]> [050526 14:53]:
for x in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
24
Ouch ;-) for x in `jot 24 1` is better I think ;-)
I tried to use seq, but it wasn't there. Quick t
On 26 May 2005, at 18:27, Oliver J. Morais wrote:
* Gaby vanhegan <[EMAIL PROTECTED]> [050526 17:31]:
Ouch ;-) for x in `jot 24 1` is better I think ;-)
I tried to use seq, but it wasn't there. Quick to write the numbers
than search the man page...
/usr/ports/misc/sh-utils if
On 26 May 2005, at 13:53, Gaby vanhegan wrote:
This turned out to be the simplest suggestion, and therefore wins a
special prize*. What I actually did in the end was:
Sorry for replying to my own post, but it seems related. These
systems, being SMP systems are using the bsd.mp kernel. I
Hi,
A while back I wrote some scripts to parse spamd logs (and rblsmtpd and
spamassassin logs) and run them through rrdtool and generate graphs
from them. I use newsyslog to rotate the spamd logs prior to running
them through the handling script, which processes the logs on an hourly
basis.
Hi,
I know that I should really be applying my own source patches, but I
find binpatch very useful. The usual site that I use:
http://www.openbsd.org.mx/pub/binpatch/
Has not built any patches for 3.7, despite there being 4 security
advisories published about it. Are there any other b
On 16 Aug 2005, at 14:04, Rico wrote:
> tepatche is good.
It doesn't look like it's been updated since 2003. Are there any
more recent tools? Does anyone else have any good/bad experiences
with tepatche?
Gaby
--
Junkets for bunterish lickspittles since 1998!
[EMAIL PROTECTED]
http://weblo
Hi,
I am still working on a nice automated installation CD system. It is
partially a custom boot CD and partially a site36.tgz file that
installs all the relevant packages, then does a scripted restoration
from our backup server. It's intended for bare-metal restores in the
event of comp
From Nick Holland:
> The problem arises when, if going on to a brand new machine, that
the
> disk size may be different than the original it is restoring. As
> part of the installer (in the OpenBSD install environment, booted
off
> an openbsd installer CD) I'd like to read the size of the
Hi,
I'm running 3.6 (yes, due for an upgrade) and I keep getting hit by
some hackers that are using a bug I can't track down to download perl
scripts into /tmp:
[EMAIL PROTECTED] 11:26]# cd /tmp/
[EMAIL PROTECTED] 11:26]# ls -lFa
total 76
drwxrwxrwt 2 root wheel 512 Mar 15 12:21
On 15 Mar 2006, at 21:39, Anon wrote:
> As OBSD is focused on security, it makes a lot of sense to me that
> OBSD would at least include the CGI version of PHP in its php-core
> packages, and preferably have a suphp package too.
Ports are provided by the community, not by OpenBSD. OpenBSD
Who wins in the OpenBSD world? DRAC (Dell Remote Admin Card) or iLo
(HP's Integrated Lights Out)? We're looking at new servers and are
wondering if these are worth the cash, or which is the one to go for?
Gaby
--
Junkets for bunterish lickspittles since 1998!
http://vanhegan.net/sudoku/
htt
Hi,
If I got one of these:
http://www.lsilogic.com/products/megaraid/sata_150_4.html
Which is supported under the ami driver, and that I'll have four
drives in RAID 5, each in these:
http://www.ebuyer.com/customer/products/index.html?
action=c2hvd19wcm9kdWN0X292ZXJ2aWV3&product_uid=99222
Am
On 29 Mar 2006, at 17:46, Jon Simola wrote:
> On 3/29/06, Gaby vanhegan <[EMAIL PROTECTED]> wrote:
>> Am I still going to be able to use the nice blink functions in
>> bioctl? I'd like to know which drive my RAID card thinks has died...
>
> You'd have to get a
Hi,
I'm trying to setup a system to account for the traffic that flows
through the firewall by service (http, smtp, etc). I have had some
success playing with tcpdump and pf logging but I can't quite work
out what's going on. I have pf logging the traffic that I want to
account for so /v
On 9 Apr 2006, at 14:10, Andrew Veitch wrote:
> Would pmacct help in this scenario? http://www.pmacct.org/
> Not sure whether it could be configured to listen to pflog though.
The thing with pflog is that I can't see which field (if any) is the
packet size, which is what I'm interested in. I'
On 9 Apr 2006, at 15:26, Stuart Henderson wrote:
The thing with pflog is that I can't see which field (if any) is the
packet size, which is what I'm interested in. I'm trying to log how
much of which protocol eats what amount of my bandwidth, both inbound
and outbound.
Are the 'pfctl -sr -v'
And the winner is:
pmacct.
This one is really quick and simple to put together, five minutes and
a configuration file later and I'm logging all traffic on all ports
in 10 minute time slices, broken down by source, destination, MAC,
port, etc. It also contains actual amounts of traffic too,
On 9 Apr 2006, at 18:55, Gaby vanhegan wrote:
> And the winner is:
>
> pmacct.
The only problem here is that I'm running 3.6 and pmacct requires
libpcap >= 0.6, and 0.3 is what I have. I can't do an upgrade at the
moment, there's too many variables, but if I w
On 10 Apr 2006, at 17:29, Joachim Schipper wrote:
>> The only problem here is that I'm running 3.6 and pmacct requires
>> libpcap >= 0.6, and 0.3 is what I have. I can't do an upgrade at the
>> moment, there's too many variables, but if I were to build libpcap
>> from source, would it clobber the
Hi,
There's a very nice file in /var/log called xferlog, which logs all
the ftp connections and files that go in and out of my machine. Very
handy.
Is there a similar setup available for sftp? Is there a config
directive I can tweak in sshd_config or other file? Can it be
extended to s
Hi,
I have a new server (2.66Ghz Core Duo) with a spangly new LSI
MegaRaid card (disable pcibios made it boot happily using bsd.mp),
and once we'd found the broken stick of RAM everything's happy (dmesg
at end)
I have a systems question, relating to apache. I would like to run
apache chr
On 19 May 2006, at 20:59, Nick Guenther wrote:
> Would hardlinking /home into /var/www/home help? I don't know all the
> details of chroot so I don't know if this would work.
The basic premise is that each user has a websites folder that all
their sites are in. For example, we would have /home
On 19 May 2006, at 21:28, Mike Spenard wrote:
> I'm looking for scripts to generate statistics off of /var/log/spamd
If you don't mind using rrdtool to collate the information, I have
some scripts here:
http://vanhegan.net/software/
In the Misc section down the bottom, you'll find my php/rrd/
On 19 May 2006, at 21:19, jared r r spiegel wrote:
> I made myself a separate /var/www/htdocs/ partition and
> then make individual symlinks from ~/public_html ->
> thatpartition/
IIRC I can't write hard links across partitions, and /var and /home
are on different partitions.
On 19 May 200
On 20 May 2006, at 00:44, Stuart Henderson wrote:
> move the files under /var/www, and nfs mount to 127.0.0.1 back
> into the homes? you probably want to look at amd for this.
> of course the ftpd could sit on another machine if you want.
This means that I'd need an nfs mount point for each websi
Hi,
As mentioned before, I have a new server with the LSI MegaRaid
SATA150-4 card. All works nicely at the moment, bar a slight problem
with hot-spares.
We configured a RAID-5 array with three 250Gb drives and one hot
spare. We simulated a failure by yanking the cable out from drive 2,
On 20 May 2006, at 15:15, Joachim Schipper wrote:
>> Something's got to give here. I suspect that I'm going to have to
>> un-
>> chroot the ftp daemon. Is there an ftpd somewhere that can prevent
>> users from looking at certain directories? For example, I would like
>> to limit access only t
On 20 May 2006, at 16:28, Marco Peereboom wrote:
> I fixed this in current. You can simply just upgrade the ami files
> to -current and build a 3.9 that is mostly RELEASE.
Was it a functional problem or just a cosmetic one? If I leave it as
it is, is it going to cause any real problems for
On 20 May 2006, at 17:56, Pancho Cole wrote:
> I use Pro FTP to chroot users to their home directories. see
> http://www.proftpd.org/
Yes, but the point is they also need to access another directory,
owned by them, but well outside of that chroot, all under one login.
Not using pro-ftpd,
On 23 May 2006, at 22:10, L. V. Lammert wrote:
>> Being interpreted is certainly part of the problem. Quickly compiled
>> languages like python, perl and pike are significantly faster, while
>> still being very dynamic and flexible.
>
> RoR uses fastcgi, .. which is just as fast as Perl or Python
Hi,
The last mention of this on misc@ was march, and not much prior to
that. Does anybody have any good/bad experiences with pftpx? I plan
to use it to proxy incoming FTP connections, the opposite of what I'd
use ftp-proxy for...
Gaby
--
Junkets for bunterish lickspittles since 1998!
htt
On 25 May 2006, at 20:49, Ray Lai wrote:
> On Thu, May 25, 2006 at 08:28:12PM +0100, Gaby vanhegan wrote:
>> The last mention of this on misc@ was march, and not much prior to
>> that. Does anybody have any good/bad experiences with pftpx? I plan
>> to use it to proxy inc
On 25 May 2006, at 21:35, Peter Fraser wrote:
> The nice thing about pftpx -- it is symmetrical
Yes, hence my question, and happiness that it replaced ftp-proxy.
Where am I going wrong here? (pf rules and config to be found below).
On 25 May 2006, at 21:42, Spruell, Darren-Perot wrote:
> I w
On 26 May 2006, at 11:31, Camiel Dobbelaar wrote:
> Ah right, running the proxy and server on the same machine is not
> supported.
I see. What about running them on separate IP addresses (both still
on the same machine)? Or do they need to be on different physical
interfaces? Should I use
Hello, good evening and welcome.
I'm building a system that allows wireless clients to connect to an
AP, authenticate themselves with a login and password, and they're
then granted access to the internet, through a pf firewall using
tables to control access.
The clients are all assigned an
On 2 Jun 2006, at 23:16, Spruell, Darren-Perot wrote:
> Neither reasonable nor sensible from a security standpoint.
> Authenticating
> based on MAC addresses is like authenticating someone on the
> pretense of
> them wearing a blue shirt. It's not a strong authenticator and it
> can be
> c
On 8 Sep 2005, at 13:55, Stephan A. Rickauer wrote:
> Thanks to the kind help on this list, my test firewall successfully
> runs OpenBSD 3.7 and is basically configured. I now need to think
> about migrating my existing netfilter rule set to pf and would like
> to ask also some general quest
On 8 Sep 2005, at 14:55, Stephan A. Rickauer wrote:
> Ok, I'll make it more concrete. If a machine has traffic going over
> two interfaces (router) a netfilter rule would look like this:
>
> iptables -A FORWARD -i in-iface -o out-iface ...
>
> It looks like with pf one achieves that with:
>
>
On 8 Sep 2005, at 15:18, Stephan A. Rickauer wrote:
>> I had similar problem few months ago. In my case I used fwbuilder to
>> check how my netfilter rules looks in pf syntax. It was very helpful.
>
> Good that you mention that. I also use fwbuilder to manage my rule
> sets with netfilter. I tho
On 8 Sep 2005, at 15:32, Stephan A. Rickauer wrote:
Gaby vanhegan wrote:
if_in="xl0"
if_out="xl1"
pass in on $if_in keep state
pass out on $if_out keep state
Ok, let's stick to that example. Imagine a firewall having three
interfaces connecting Internet, LAN and
On 8 Sep 2005, at 16:13, Erik Wikström wrote:
>> # Put this macro at the top
>> if_dmz="xl2"
>> # Later on in the ruleset, deny everything but smtp to the DMZ
>> block in on $if_dmz keep state
>> pass in on $if_dmz from any to 1.2.3.4 port smtp keep state
>
> Wouldn't that block traffic from the
Hi,
I'd just like to say how useful this list is. Even though I don't
contribute to it much, my lurking for the last few years has enabled
me to solve many, many problems, based on the useful snippets that
are passed around on this list.
For example, Zope was causing problems, and throwing
On 3 Oct 2005, at 12:11, <[EMAIL PROTECTED]> wrote:
> I just thought of another solution. Stupid me not thinking of it
> earlier. I can log all http traffic with PF and write some perl to
> process the logfile. Can't believe I was staring blind on a 3rd party
> solution.
Perhaps transparent proxy
On 3 Oct 2005, at 14:48, <[EMAIL PROTECTED]> wrote:
> be warned: depending on the number of clients on your network, logging
> all http traffic is a pretty good way of testing the reliability of
> your
> disk.
If you do eventually get your HTTP traffic running through one host,
running EtherP
On 16 Oct 2005, at 15:47, Wijnand Wiersma wrote:
> 2
>> 1. Continue using scponly but with chroot and then linking the
>> directories inside their home directories.
>
> I thought scponly has chroot functionality builtin.
Yes it does, and you can't link outside of that chroot. Also, you
have
On 16 Oct 2005, at 17:13, Dave Anderson wrote:
>> That being said, FTP is well past the time it was designed for.
>> OpenSSH
>> is very stable and featurefull. Just make sure it isn't *too*
>> featureful
>> for what you're doing.
>
> There _is_ one useful-to-me feature of FTP that I can't find
On 18 Oct 2005, at 17:36, Kiraly Zoltan wrote:
>> Now it is really OpenBSD's 10th birthday ;)
Happy birthday! When do the birthday cake pre-orders open?
Gaby
--
Junkets for bunterish lickspittles since 1998!
[EMAIL PROTECTED]
http://vanhegan.net/sudoku/
http://weblog.vanhegan.net/
On 18 Oct 2005, at 21:49, Aaron Glenn wrote:
> http://www.openbsd.org/donations.html
> $25 sent. Happy birthday, OpenBSD.
Same here. Birthday wishes!
Gaby
--
Junkets for bunterish lickspittles since 1998!
[EMAIL PROTECTED]
http://vanhegan.net/sudoku/
http://weblog.vanhegan.net/
On 31 Oct 2005, at 18:21, Gareth Nelson wrote:
> Unfortunately people have been brainwashed with the windows way,
> being a *nix
> user myself I loved how simple OpenBSD was to setup, but I couldn't
> picture a
> complete newbie doing it.
I started out on Atari, moved to System 7, then DOS/Wi