On Wed, Mar 29, 2017 at 02:06:23PM +0200, Mathieu BLANC wrote:
> It also kernel panics with just this pf rules :
> # cat pf_minimal.conf
> set limit { states 10 }
> set skip on lo
> anchor "relayd/*"
On Tue, May 02, 2017 at 03:44:43PM +0200, Andre Ruppert wrote:
> Hi,
>
> Im running 6.0 amd64 on a pair of R210 with relayd, but these are R210 (II).
>
> No kernel panics at all, and these systems are working in a live
> environment...
>
> Regards
> Andre
Hi,
Yes, i have also several OpenBSD o
On Tue, May 02, 2017 at 05:03:20PM +, Stuart Henderson wrote:
> Probably the best thing to do at this point is to write a mail to bugs@:
>
> 1. describe what the machine is doing in detail. carp? ipsec? pfsync?
> what sort of relays? include config (sanitized if necessary, but do that
> consis
Le 07/09/2017 à 05:59, Maxim Bourmistrov a écrit :
Hey,
Got kernel panic on 6.1-stable during ’rcctl restart relayd’.
Sorry for PNG below.
Hi,
It has been fixed with this diff :
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r1=1.1034&r2=1.1035
Le 18/01/2018 à 10:37, Mathieu BLANC a écrit :
Le 17/01/2018 à 22:24, Mik J a écrit :
Hello,
I'd like my firewall to start two instances one for ftp proxy and one
for ftp proxy.So far I have in rc.confftpproxy_flags="-D7 -v -p 8021"
I can run manually/usr/sbin/ftp-proxy -D7
Le 17/01/2018 à 22:24, Mik J a écrit :
Hello,
I'd like my firewall to start two instances one for ftp proxy and one for ftp proxy.So
far I have in rc.confftpproxy_flags="-D7 -v -p 8021"
I can run manually/usr/sbin/ftp-proxy -D7 -v -R 10.1.1.1 -p21 -b 3and the
reverse proxy works
But I would li
Hi !
I have read several mails/bug in the mailing list about reloading
relayd. But i didn't understand if all the bugs were fixed or not ?
Here is my relayd.conf (OpenBSD 5.3, amd64) :
# Global Options
interval 10
timeout 2000
log updates
std_vip_ssl1="X.X.X.X"
std_proxy="172.17.1.4"
table
Le 16/07/2013 15:53, Mathieu BLANC a écrit :
Hi !
I have read several mails/bug in the mailing list about reloading
relayd. But i didn't understand if all the bugs were fixed or not ?
[...]
If i launch the daemon with "relayd -d -vvv", and "relayctl reload
Hello misc,
With redirects in relayd, I thought that access the VIP from inside was
impossible.
With a classic conf (found in man relayd.conf) like this :
redirect "www" {
listen on www.example.com port 80
forward to check http "/" code 200
}
Relayd will create this type of rule :
pa
Hello all,
I have a pair of firewalls running 6.0 (patched with openup in october, no patch
applied since then).
Since the upgrade, this pair has some problem with kernel
panics (4 times since the upgrade in october).
The last one was this morning. The two firewall crashed at the same time with
On Mon, Mar 27, 2017 at 02:42:23PM +0200, Mathieu BLANC wrote:
> Hello all,
>
> I have a pair of firewalls running 6.0 (patched with openup in october, no
> patch
> applied since then).
>
> Since the upgrade, this pair has some problem with kernel
> panics (4 times sinc
On Tue, Mar 28, 2017 at 12:05:56PM +0300, Mihai Popescu wrote:
> Isn't there a CAPSLOOK written message at panic time on the screen?
> If not, look here:
> http://www.openbsd.org/report.html
>
I can reproduce the bug (on the slave firewall) as many times as I want.
I made some screenshots. Sorry
On Tue, Mar 28, 2017 at 02:22:28PM +0200, Mathieu BLANC wrote:
> I can reproduce the bug (on the slave firewall) as many times as I want.
>
I've just read https://www.openbsd.org/ddb.html and saw that you need a trace
for all cpu.
http://www.hostingpics.net/viewer.php?id=238876pani
On Tue, Mar 28, 2017 at 05:58:02PM +0200, Hiltjo Posthuma wrote:
> On Tue, Mar 28, 2017 at 02:39:44PM +0200, Mathieu BLANC wrote:
> > On Tue, Mar 28, 2017 at 02:22:28PM +0200, Mathieu BLANC wrote:
> > > I can reproduce the bug (on the slave firewall) as many times as I want.
&g
On Wed, Mar 29, 2017 at 10:40:08AM +0200, Mathieu BLANC wrote:
> On Tue, Mar 28, 2017 at 05:58:02PM +0200, Hiltjo Posthuma wrote:
> > On Tue, Mar 28, 2017 at 02:39:44PM +0200, Mathieu BLANC wrote:
> > > On Tue, Mar 28, 2017 at 02:22:28PM +0200, Mathieu BLANC wrote:
> > >
Hello,
I'm using relayd with Redirections (OpenBSD 5.9)
Relayd creates these rdr-to rules :
anchor "_http" all {
pass in quick on rdomain 0 inet proto tcp from any to A.B.C.D port = 80 flags
S/SA keep state (tcp.established 600) rdr-to port 80 round-robin
}
Is there a way to modify the St
On Tue, Aug 09, 2016 at 04:33:33PM +0200, Sebastian Benoit wrote:
> Mathieu BLANC(mathieu.bl...@smile.fr) on 2016.08.09 11:18:57 +0200:
> > Hello,
> >
> > I'm using relayd with Redirections (OpenBSD 5.9)
> > Relayd creates these rdr-to rules :
> > anchor &q
On Wed, Mar 19, 2014 at 10:22:43AM +, Zé Loff wrote:
> As far as I can tell, if a commented line on ipsec.conf ends with "\"
> then the following line will also be considered a comment (if the next
> line also ends with "\" the commenting is propagated). For example
>
> #ike esp from A.A.A.A
Hello !
I have an OSPF setup with 4 routers :
INTERNET
||
C1 C2
||
O1 O2
||
NE1 NE2
C1 and C2 are Cisco Routers, O1 and O2 OpenBSD.
OSPF is used between C1/C2/O1/O2
NE1 is the network managed by O1, NE2 the network managed by O2.
C1 and C2 distribute a default route to O1/O2 (s
On 06/12/2012 06:38 PM, Peter N. M. Hansteen wrote:
Myles Merrell writes:
Recently, we noticed all of our network traffic inside the
firewall slowed down to the point where it was difficult to access anything.
After some nosing around we noticed that f2, the em2 interface which is using
CARP p
Hi,
(i'm really sorry for my english, i'll do my best ! :)
It seems it's a frequent question, but i want to be sure about the setup.
I read all this thread, which was very interesting about CARP and OSPF :
http://marc.info/?l=openbsd-misc&m=125958449232344&w=4
I have a similar setup :
Two Ope
Le 03/09/2011 12:35, Stuart Henderson a icrit :
On 2011-09-02, Mathieu BLANC wrote:
I setup this, *and it seems to work well.*
Routers in network A see 2 routes to Network B : bsd1 and bsd2.
For example :
First route : bsd1
Second route : bsd2
bsd1 is the master carp on network B.
So the
Le 05/09/2011 19:30, Stuart Henderson a icrit :
On 2011-09-05, Mathieu Blanc wrote:
So the ingoing traffic goes into bsd1, and the servers now use bsd2 to
go out.
Is it not a problem ? In terms of firewalling for example (keep state ?
will bsd2 authorize the trafic which is initiated by
Hello,
I try to do some traffic accounting with my OpenBSD 4.9.
The goal : know how much traffic a web server sent behind the firewall.
Here is an example :
ClientA <-> FW OpenBSD <> WebServerA (192.168.1.10)
I tried to do this in my very simple pf.conf (not in production :] )
pass
ma
Le 19/09/2011 02:33, Simon Chang a icrit :
Hello,
Hi,
Instead of driving yourself crazy with labelling traffic, one very
simple way is to use pfstat. The package will even generate
good-looking graphs for you and you can post them anywhere you wish.
When I looked to pfstat, I didn't see th
Hello everybody,
I updated my openbsd firewalls (two carp-ed fw) last month (May 24th) to
4.9 release. I don't know if this is related, but i have a significant
numbers of "watchdog timeout" errors in logs (the master becomes slave
when the error appears).
Before the update, i've just seen t
26 matches
Mail list logo
