The current one is great. Functional and easy to use, much like the OS
itself. No reason to fix it if it's not broken.
On 9/7/05, Siju George [EMAIL PROTECTED] wrote:
Hi,
One of my friends sent me this new OpenBSD website design he created.
Please have a look at it :-D
On Wed, Sep 07, 2005 at 07:27:24PM -0401, yippy ya yah wrote:
trying to get a ppp tunnel over ssh working
server/gateway
---
ip.inet.net.forwarding=1
/etc/ppp/ppp.conf
vpn:
allow mode direct
set ifaddr 10.1.1.1 10.1.1.2 255.255.255.255
/etc/sudoers:
pppuser
El mensaje que ha enviado a la lista 'Apc.lac' y que versa sobre:
(sin asunto)
Ha sido retenido en espera de que el moderador de la lista lo revise y
lo apruebe.
Ha sido retenido por:
Mensaje dirigido a una lista privada procedente de una direccisn
que no pertenece a la lista
O se
On 09/08/05 06:29, Bruno S. Delbono wrote:
Siju George wrote:
Hi,
One of my friends sent me this new OpenBSD website design he created.
Please have a look at it :-D
http://mayuresh.freeshell.org/openbsd/
Fresh and neat. I like it.
Very well structured. A linear setup so people can read
Quoting Siju George [EMAIL PROTECTED]:
Hi,
One of my friends sent me this new OpenBSD website design he created.
Please have a look at it :-D
http://mayuresh.freeshell.org/openbsd/
Thankyou so much
Kind Regards
Siju
It's clean and far more viewable in (e)links.
I would change the
good morning
i'll have to build a complete firewall solution with OpenBSD.
wich products do you prefer for sedcurity proxy integration
for HTTP, FTP, POP, SMTP and GENERIC ?
Thanks for answers
florian
squid
-Original Message-
From: Florian [mailto:[EMAIL PROTECTED]
Sent: donderdag 8 september 2005 11:49
To: misc@openbsd.org
Subject: firewall products
good morning
i'll have to build a complete firewall solution with OpenBSD.
wich products do you prefer for sedcurity proxy
recompiling sshd with
includes.h:#define USE_PIPES 1
removed would also help.
i think it's better to fix ppp(8)
I'm using a spam blocking setup utilizing procmail, relaydb,
spamd-setup and pf.
The problem is that if I specify DROPPRIVS in my /etc/procmailrc:
DROPPRIVS=yes
:0fw
| /usr/local/bin/spamc
:0c
* ^X-Spam-Status: Yes
| /usr/local/bin/relaydb -b
:0:
* ^X-Spam-Status: Yes
in-x-spam
:0c
|
On 9/8/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Quoting Siju George [EMAIL PROTECTED]:
Hi,
One of my friends sent me this new OpenBSD website design he created.
Please have a look at it :-D
http://mayuresh.freeshell.org/openbsd/
Thankyou so much
Kind Regards
Siju
ok, squid, but what about POP and SMTP ?
Thanks to the kind help on this list, my test firewall successfully runs
OpenBSD 3.7 and is basically configured. I now need to think about
migrating my existing netfilter rule set to pf and would like to ask
also some general questions to understand the concept(s) suffiently.
If I understand
I like the new design better. Looks better in Lynx too.
--ja
--
On Thu, Sep 08, 2005 at 02:53:57PM +0200, Florian wrote:
ok, squid, but what about POP and SMTP ?
spamd(8) is something like a SMTP proxy
reyk
--
/* .vantronix|secure systems - (research development)
* reyk floeter - friendly known free software engineer
* [EMAIL PROTECTED] -
On 8 Sep 2005, at 13:55, Stephan A. Rickauer wrote:
Thanks to the kind help on this list, my test firewall successfully
runs OpenBSD 3.7 and is basically configured. I now need to think
about migrating my existing netfilter rule set to pf and would like
to ask also some general
Jakob Schlyter schrieb:
On Thu, 8 Sep 2005, Matt Jibson wrote:
I believe that Ethereal has improved greatly since when it was
removed from
ports.
surely, but has security improved? does it have privsep? until that
has changed, ethereal will not come back. sorry.
jakob
Then drop
We use Postfix to handle incoming and outgoing mail routing (with some
cbl's). POP we just use dovecot on our mail server... we don't do
anything to proxy it...
On Thu, 8 Sep 2005 14:53:57 +0200
Florian [EMAIL PROTECTED] wrote:
ok, squid, but what about POP and SMTP ?
--
Bill Chmura
On Thu, Sep 08, 2005 at 03:10:41PM +0200, Sebastian .Rother wrote:
surely, but has security improved? does it have privsep? until that
has changed, ethereal will not come back. sorry.
jakob
Then drop all ports!
Has Gnome Priv-Sep? hydra? nmap? KDE? xpdf? XMMS? mplayer?
No one
Hi,
You can use rdr pass rules so you only have 1 rule setting
I Don't know if you can use logging on that rule
Kind regards
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Gaby vanhegan
Sent: donderdag 8 september 2005 15:05
To: misc@openbsd.org
Florian wrote:
ok, squid, but what about POP and SMTP ?
Hmm, Proxy for smtp?
What about sendmail, postfix, qmail, etc?
Almost every MTA should work as a smtp proxy (i.e. is a smtp proxy)
Proxy for pop?
Never used one of them
but have you looked at
balance-2.33.tgz
nylon-1.2.tgz
--On 08 September 2005 14:55 +0200, Stephan A. Rickauer wrote:
If I understand correctly, pf has no 'forward' chain like netfiler
(which is probably by design).
I'm guessing at what netfilter 'forward chain' means here since
(presumably like many people here) I don't have much need to admin
Hello
On 8 Sep 2005, at 13:55, Stephan A. Rickauer wrote:
Thanks to the kind help on this list, my test firewall successfully
runs OpenBSD 3.7 and is basically configured. I now need to think
about migrating my existing netfilter rule set to pf and would like
to ask also some general
9/8/2005, Stephan A. Rickauer [EMAIL PROTECTED]
napisa3(a):
Thanks to the kind help on this list, my test firewall successfully runs
OpenBSD 3.7 and is basically configured. I now need to think about
migrating my existing netfilter rule set to pf and would like to ask
also some general questions
--On 08 September 2005 16:32 +0200, Stephan A. Rickauer wrote:
$if_in=xl0
$if_out=xl1
pass in on $if_in keep state
pass out on $if_out keep state
Ok, let's stick to that example. Imagine a firewall having three
interfaces connecting Internet, LAN and DMZ. When I would like to
allow SMTP
From: Stephan A. Rickauer [mailto:[EMAIL PROTECTED]
Gaby vanhegan wrote:
$if_in=xl0
$if_out=xl1
pass in on $if_in keep state
pass out on $if_out keep state
Ok, let's stick to that example. Imagine a firewall having three
interfaces connecting Internet, LAN and DMZ. When I would
Bruno == Bruno Rohee [EMAIL PROTECTED] writes:
Bruno Capturing traffic by some other mean then analysing it with
Bruno Ethereal under an unprivileged account might be safe,
Bruno actually capturing an analysing traffic with Ethereal is
Bruno definitely not, given its architecture
Making, drinking tea and reading an opus magnum from Roy Morris:
[Charset ISO-8859-1 unsupported, filtering to ASCII...]
I know this is not 'exactly' openbsd directly related but
I'll give it a go anyway. I am trying to copy remote 2
remote, basically to change the name of a file. It appears
The patch for tethereal(1) is at
http://www.linbsd.org/setuid_tethereal.patch
This only works for capture mode. It takes an extra -u option for the
user. So create user _ethereal then run
tethereal -Nn -tad -u _ethereal -w foo
or decode the output. Either way this should remove the issue of
On 2005-09-08 16:51, Gaby vanhegan wrote:
On 8 Sep 2005, at 15:32, Stephan A. Rickauer wrote:
Gaby vanhegan wrote:
$if_in=xl0
$if_out=xl1
pass in on $if_in keep state
pass out on $if_out keep state
Ok, let's stick to that example. Imagine a firewall having three
interfaces connecting
Just read :DTrace comes to FreeBSD.
(http://bsd.slashdot.org/article.pl?sid=05/09/08/1217229tid=102tid=7tid=218)
Any chance to see it in here; one day ?
Would be cool ... wouldn't it ?
Or do we see licence problems ?
Just asking,
Uwe
i think the idea is that src-host has to have pubkey auth to
the dst-host and make sure src knows dst's hostkey too!
cu
what I did was use sftp with the -b option. As you mention
as long as the public key auth is in place, it all works as
expected.
Thanks
Rm
Stephan A. Rickauer wrote:
Gaby vanhegan wrote:
$if_in=xl0
$if_out=xl1
pass in on $if_in keep state
pass out on $if_out keep state
Ok, let's stick to that example. Imagine a firewall having three
interfaces connecting Internet, LAN and DMZ. When I would like to
allow SMTP traffic to my
On 9/8/05, Roy Morris [EMAIL PROTECTED] wrote:
I know this is not 'exactly' openbsd directly related but
I'll give it a go anyway. I am trying to copy remote 2
remote, basically to change the name of a file.
If you are working with remote files only, and you know they exist,
why not just use
On 8 Sep 2005, at 16:13, Erik Wikstrvm wrote:
# Put this macro at the top
if_dmz=xl2
# Later on in the ruleset, deny everything but smtp to the DMZ
block in on $if_dmz keep state
pass in on $if_dmz from any to 1.2.3.4 port smtp keep state
Wouldn't that block traffic from the SMTP-server
Hi,
Im running 3.5 (will install 3.7 soon) and I got slow transfer on a
computer since the last time I rebooted my router.
First there is 2 computers on 2 differents networks
Computer1 (10.10.0.2) --- (10.10.0.5) OpenBSD 3.5 router --- (10.10.0.1)
Novell router (10.0.0.1) --- Computer2
Hi Stephan,
Well, if I suggested to port netfilter to OpenBSD I would most
probably be killed in seconds. ;)
If you're lucky. ;-)
You might want to check http://openbsd.unixtech.be/books.html and more
specifically get a hold of Jacek's book.
HTH... Nico
On Sep 8, 2005, at 11:22 AM, Uwe Dippel wrote:
Just read :DTrace comes to FreeBSD.
(http://bsd.slashdot.org/article.pl?
sid=05/09/08/1217229tid=102tid=7tid=218)
Is *coming to* and *comes to* are two different things. Devon just
started on this, there's no idea how long or if it will ever
Roy Morris wrote:
I know this is not 'exactly' openbsd directly related but
I'll give it a go anyway. I am trying to copy remote 2
remote, basically to change the name of a file. It appears
that the first half of the command works fine but the
second half get an authentication failure. I am not
On Thu, Sep 08, 2005 at 07:25:52AM -0600, jared r r spiegel wrote:
mis-format on the two configs, please split them thus:
-[peer a]
[general]
#default-phase-1-id=id1hklocal
[phase 2]
connections=cx
[id1p54c]
id-type=user_fqdn
I change MAC on current/macppc with ifconfig gem0 lladdr MAC
and networking stop working, i run tcpdump to see what happens
and networking works again while tcpdump is running, if i run
tcpdump -p network won't work.
Looks like after MAC change NIC works only in promiscuous mode.
Without MAC
[ using 323864 bytes of bsd ELF symbol table ]
console out [ATY,Bee_A]console in [keyboard] ADB found
using parent ATY,BeeParent:: memaddr 9800 size 800, : consaddr
9c008000, : ioaddr 9002, size 2: memtag 8000, iotag 8000: width
1024 linebytes 1024 height 768 depth 8
Copyright
try running arp -da
-Ober
On Thu, 8 Sep 2005, Troex Nevelin wrote:
I change MAC on current/macppc with ifconfig gem0 lladdr MAC
and networking stop working, i run tcpdump to see what happens
and networking works again while tcpdump is running, if i run
tcpdump -p network won't work.
Looks
On Thursday 08 September 2005 01.28, yippy ya yah wrote:
trying to get a ppp tunnel over ssh working
server/gateway
---
ip.inet.net.forwarding=1
/etc/ppp/ppp.conf
vpn:
allow mode direct
set ifaddr 10.1.1.1 10.1.1.2 255.255.255.255
/etc/sudoers:
pppuser ALL =
On 8 SEN 2005, at 21:10, ober wrote:
try running arp -da
This is not an ARP problem, because i change MAC before bringing up
network and i tried arp -da but i didn't help, as i said NIC begins
to work
only in promiscuous mode
--
born to create future
Troex Nevelin ([EMAIL
(pardon, this mail may become a dup)
On Wed 2005.09.07 at 19:27 -0401, yippy ya yah wrote:
trying to get a ppp tunnel over ssh working
as you've received other replies, i've been using the inetd loopback
trick for sometime now. yes, as it was noted, ugly. but it was a quick
workaround for
Hi all,
I'm having problems implementing round-robin on a carp interface.
The rule that I have is
rdr on $ext_if proto tcp from any to $carp5 port 80 \
- { $web_srvr1, $web_srvr2 } round-robin sticky-address
Does this look correct?, it works if I remove:
{ $web_srvr1, $web_srvr2 }
Does anyone know what is the max length of the preshared key in
Authentication= field? A pointer to a IKE RFC would be also nice, if the key
size is defined somewhere. Google told me some Ciscos accept up to 48
characters as PSK, but couldn't find anything more specific.
I'm trying to connect to
I posted the following message to misc@ last May 31 but got no replies.
The problem has gotten worse, even though I've now raised
kern.maxfiles=16384
kern.maxvnodes=16384.
Here is the original message, with a current dmesg and /etc/sysctl.conf:
Hi all,
This morning httpd was failing to
On 9/8/05, Jeff Ross [EMAIL PROTECTED] wrote:
I posted the following message to misc@ last May 31 but got no replies.
The problem has gotten worse, even though I've now raised
kern.maxfiles=16384
kern.maxvnodes=16384.
Here is the original message, with a current dmesg and
fd leak in apache?
on one of our reverse proxies we have MaxKeepAliveRequests and
MaxRequestsPerChild set so as to make it difficult to leak. This made
our proxy go from running out of 4000 fds in a day to averaging about
120 fds in use.
From what I've seen it's usually MaxRequestsPerChild
On Thu, 08 Sep 2005 15:05:11 -0600 Jeff Ross [EMAIL PROTECTED] wrote:
I posted the following message to misc@ last May 31 but got no
replies. The problem has gotten worse, even though I've now raised
kern.maxfiles=16384
kern.maxvnodes=16384.
Don't forget to make sure your login.conf lets
Hey folks,
i am using obsd for a shell server access. For monitoring daemons, i
use DJB daemontools. What i dislike about it, is:
0) Very high process overhead, i.e., each pair daemon,log process
requires 2 other process for monitoring, and
1) djb license: i believe the old abd good BSD one.
On Thu, 8 Sep 2005, Gustavo Rios wrote:
Ok, i see! What, then, should i address more?
There is no guarantee that 3rd party code will be included in OpenBSD.
Frankly, the odds are against importing random software into base unless
it is quite wonderful, but getting software in to ports is
On Thu, 8 Sep 2005, Uwe Dippel wrote:
Any chance to see it in here; one day ?
if somebody does it..
--
And that's why we've come to you.
54 matches
Mail list logo