Hi,
I'm not 100% clear if i got you right. but if I'm right you have to do the
"redistribute default" on your 2 external firewalls. because the openbsd box
needs the default route (to the internet) not the other way round...
ExtFw has (static?) route to the ISP. OpenBSDFw gets default route
dynam
hi,
maybe synproxy is conflicting somehow with rdr states? try keep state
instead, just to test it... but I'm not sure. As dan said, do a "block log
all" and run tcpdump on pflog0 while you're trying to connect.
you can also do this, i like tagging :)
rdr on $ext_if proto tcp from any to $ext_if
hi,
MTU on ethernet vlan interfaces are also 1500. the vlan tag overhead is
handled by the switch and NIC. you do not have to care about that.
run tcpdump on all interfaces and look for the ospf hello packets... and can
you please post the logs... ? you're not getting any neighbors with "ospfctl
Hi,
I've the same problem for over 2 years now, never figured it out. Did not
invest much time though :-)
I tried it with multicast and unicast, currently it's like that:
host 1
/usr/sbin/dhcpd -y 172.16.106.252 -Y 172.16.106.253 vlan703
host 2
/usr/sbin/dhcpd -y 172.16.106.253 -Y 172.16.106.252
Hi,
Not sure, never tried it myself but I think you need to set advskew to the
same for all carp nodes. you have it on 100 and 0.
greets
marco
On Mar 18, 2012, at 3:09 PM, Joao Ronaldo wrote:
> Hi,
>
> I followed the instructions in the carp man page example to setup a pair
> of firewalls in ac
"rndc flush" it's working again for some hours. may theres a
problem with "recursive queries" or "updates"?
thanks and kind regards
marco fretz
Hi everyone,
Any idea, why there is no information about ospf6d and no binary but a
/etc/ospf6d.conf? I want to run ospfd (the OpenBSD ospfd, not the zebra
one) for IPv6.
Thanks for any feedback.
Best regards
Marco
Johan Beisser wrote:
On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm <[EMAIL PROTECTED]> wrote:
Hi Gang,
well here's my 3 cents,
first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break
down and buy an old Cisco 7200, 7500, 3600 they are all very good routers, I
used a 7500 for a
Claudio Jeker wrote:
On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote:
Johan Beisser wrote:
On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm <[EMAIL PROTECTED]> wrote:
Hi Gang,
well here's my 3 cents,
first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue
break
do
Henning Brauer wrote:
* Marco Fretz <[EMAIL PROTECTED]> [2008-08-13 09:31]:
Ok, ok. What I said was what Cisco says
as in, lies, lies, lies.
They call it "marketing".
Cisco hardware is much more reliable than PCs
I can't second that. Cisco and good PC hardware are
hi alec,
alexander lind wrote:
> Is it possible to have two OpenBSD bridging firewalls work together
> with CARP now?
What do you mean by "work together"? Only fail-over? load-share?
>
> In the past I know it has been impossible to use CARP between two
> bridging firewalls, but reading the
alexander lind wrote:
> On Aug 20, 2008, at 12:06 AM, Marco Fretz wrote:
>
>>> Is it possible to have two OpenBSD bridging firewalls work together
>>> with CARP now?
>>
>> What do you mean by "work together"? Only fail-over? load-share?
>
> Fa
Hello
I've the following problem in PF with NAT / Filtering, OpenBSD 4.4
(-current):
pf nat rule:
nat log on bge0 inet from 172.16.12.128/27 tag natted -> 88.82.xx.xx
pf filter rule:
pass log quick all flags S/SA keep state tagged natted
the packet is dropped by my default deny rule (the rule
Hello
I want to use relayd on OpenBSD 4.3 Release (i386). I've the problem,
that relayd exits as soon as all checked hosts are down. The problem was
described by this post: http://thread.gmane.org/gmane.os.openbsd.misc/142876
So I tested relayd in openbsd -current (4.4 beta i think) and it works
Chris Smith wrote:
> On Wednesday 16 July 2008, Marco Fretz wrote:
>> pf nat rule:
>> nat log on bge0 inet from 172.16.12.128/27 tag natted -> 88.82.xx.xx
>>
>> pf filter rule:
>> pass log quick all flags S/SA keep state tagged natted
>
> FWIW, you no lon
hi
thanks. yes i did so, but OpenBSD 4.4 -current is not really stable at
the moment :(
relayd in 4.3 is buggy and i can't find a patch...
marco
Stuart Henderson wrote:
> On 2008-07-16, Marco Fretz <[EMAIL PROTECTED]> wrote:
>> So I tested relayd in openbsd -current (4.4 beta
Stuart Henderson wrote:
> On 2008/07/18 16:13, Marco Fretz wrote:
>> thanks. yes i did so, but OpenBSD 4.4 -current is not really stable at
>> the moment :(
>
> if you find -current unstable, you need to give some information
> about why, otherwise there is no hope of
Henning Brauer wrote:
> * Marco Fretz <[EMAIL PROTECTED]> [2008-07-18 16:15]:
>> thanks. yes i did so, but OpenBSD 4.4 -current is not really stable at
>> the moment :(
>
> 4.4-beta is supposed to be stable, and if it is not, where is your report?
>
I must ad
my mail wrote:
> i have success build OpenBSD 4.3 ISO using floppy43.fs, and after testing,
> this iso work perfectly.
>
> but when i build OpenBSD 4.3 ISO using cd43.iso, my ISO can't boot, i have
> using options -no-emul-boot because this file to large.
>
> it's possibel to using cd43.iso whe
hello
i need feedback on the following situation:
i want to script a backup script with bash script. a script that reads a
file / database that contains the backup jobs (remote server, remote
user, remote dir, ...).
i think, that file would contain about 10-30 rows. additionally i want
to t
hello
i had a well known problem, but no idea how to build a "correct"
solution.
we have a lot of linux and bsd servers at our isp. i have to backup data
from these systems to a remote system.
the backup server (storage server) has access to remote systems (data
sources) over ssh and public key
, Stuart Henderson wrote:
> On 2006/03/22 13:24, Marco Fretz wrote:
> > my problem, this user has no access to some files
> > in /etc, /usr/local/etc, and so on. so what to do?
>
> Give the user read-access to those files...?
>
> > my problem now i had to transfer
at 01:24:33PM +0100, Marco Fretz wrote:
> > hello
> >
> > i had a well known problem, but no idea how to build a "correct"
> > solution.
> >
> > we have a lot of linux and bsd servers at our isp. i have to backup data
> > from these systems
hello
i invoke the following command on my backup server. on the remote
machine i set up backup user in sudoers to allow execute of rdiff-backup
--server without password.
# rdiff-backup -v2 --remote-schema "ssh -C %s 'sudo /usr/bin/rdiff-backup --server'" [EMAIL PROTECTED]::/etc test/
after s
hello
i've got a little problem. i have to remove some files in a shell script
that are not owned or writable by the user the shell script runs.
is there a way to give this user write access only to the files needed
to remove by the shell script (with sudo nopasswd)?
thanks and kind regards
mar
hello there
we are planning a medium lan party with about 200 - 300 clients. it's a
normal gamer lan party but there will be a lot of traffic.
we will have about 6 subnets (like 10.5.0.0/24, 10.6.0.0/24, and so on)
that we have to route under each other. if we get a good sponsor we may
have some
rieb tony sarendal:
> On 29/01/06, Marco Fretz <[EMAIL PROTECTED]> wrote:
>
> > hello there
> >
> > we are planning a medium lan party with about 200 - 300 clients. it's a
> > normal gamer lan party but there will be a lot of traffic.
> >
> > we wi
next request for this ip
will go to the same address. so carp has to do "mac faking"? is carp
"flooding" the subnet with random mac addresses for the same ip?
thanks, regards
marco
On Sunday, 29.01.2006, at 13:59 +, tony sarendal wrote:
> On 29/01/06, Marco Fretz <[EMA
this, i will
post some links to cacti network graphs and some test results.
i will start work in a few weeks. if i get some further questions, i
will post them here...
thanks
marco
On Sunday, 29.01.2006, at 09:50 -0500, Jason Dixon wrote:
> On Jan 29, 2006, at 6:22 AM, Marco Fre
hello there
short question: what are actually the supported gigabit nics to pull
out .1q vlans on an openbsd machine?
thanks and best regards
marco
so i can use a cheap d-link gigabit card and can pull out vlans from a
cisco switch?
On Mon, 2006-01-30 at 18:42 +1100, Damien Miller wrote:
> Marco Fretz wrote:
> > hello there
> >
> > short question: what are actually the supported gigabit nics to pull
> > out .1q
i'm really not sure, but i think the second cpu is not found at the same
time in boot process as the first. i had an ibm intellistation with 2
cpus. the sec cpu was listed in dmesg after mounting fs.
you don't see sec cpu in # top?
anyone know if that's ok?
On Mon, 2006-01-30 at 12:15 +0400, Bruno
hello there
anyone did some performance test on this linksys card? i want to buy it
for vlan routing? i need performance up to 500 MBit/s. can i use it for
this?
thanks, regards
marco
ect 0:00 0.00% sshd
> 8774 root 20 280K 488K idle select 0:00 0.00% inetd
> 882 root 20 1476K 532K idle netio0:00 0.00% named
>
>
> On 1/30/06, Marco Fretz <[EMAIL PROTECTED]> wrote:
> > im really not sure, but i think the secound
Hi,
I'm using relayd as inbound loadbalancer for about 50 websites and
webservices, https and http. All worked fine in the past few years.
I'm on OpenBSD 4.7 Generic. Currently I've configured 59 redirects.
They are working as expected but as soon as I add another redirect in
the config the last r
Hi,
Just upgraded to 4.9 and problem is solved, now. I read in the changelog,
there was a bug till 4.8 and solved in 4.9. Moving to 4.9 was good idea
anyway as I still used 4.7 :-)
Thanks for the off-list replies...
Marco
On Jun 15, 2011, at 3:32 PM, Marco Fretz wrote:
> Hi,
>
>
Hi,
I have a problem with ipv6 connections and firewalls with enabled
pfsync defer. IPv4 initial packets are forwarded without noticeable
delay. IPv6 initial packets are delayed by 0.5-2 seconds.
The situation looks like this:
2 firewalls at main site
2 firewalls at remote site
firewalls are redun
37 matches