Re: Interface modifiers in pf.conf

On Thu, Sep 27, 2018, at 06:16, Theo de Raadt wrote: > =?utf-8?Q?Per-Olov=20Sj=C3=B6holm?= wrote: > > > I can in the man page fr PF see: > > > > --snip-- > > Interface names, interface group names, and self can have > > modifiers appended: > > > > :0

Re: Virtual interfaces with own MACs

On Wed, Sep 26, 2018, at 15:51, Jarkko Oranen wrote: > On Wed, 2018-09-26 at 14:45 +0200, Paul de Weerd wrote: > > > > > > Note that I haven't tried this .. may need some tweaking. > > > I have pretty much exactly this setup except vether1 is in a separate > rdomain to avoid issues with the

Interface modifiers in pf.conf

Hi I can in the man page för PF see: --snip-- Interface names, interface group names, and self can have modifiers appended: :0 Do not include interface aliases. :broadcast Translates to the interface's broadcast address(es).

Virtual interfaces with own MACs

Hi I want to receive 2 IPs that are mine from the ISP (I have to supply 2 MACs) over DHCP. They have a problem letting me add them permanent without dhcp as their snooping blocks my connection if not using dhcp. I want to use just one physical interface as I do not have more 10Gbit

PF, CPU cores and usage of CPU turbo

Hi you OpenBSD pro:s… I have question regarding PF and thread use in kernel. If I got it right PF is single thread. Today the firewall I use uses a Jetway JNF9HG-2930 longlife 4 core N2930 @ 1.83GHz Celeron mainboard. It runs an OpenBSD 6.2 stable SMP kernel as I have not seen a penalty to

Looking for libraries

Hi I just upgraded to 6.2… Anyone that knows what packages I can find the following libs in: libpthread.so.22.0 libc.so.88.0 libm.so.9.0 I used this https://beta1.bredbandskollen.se/download/bbk_cli_openbsd on 6.0, but don’t have a

Re: Gbit performance parameters

> On 13 Jul 2017, at 12:27, Hrvoje Popovski <hrv...@srce.hr> wrote: > > On 13.7.2017. 0:26, Per-Olov Sjöholm wrote: >> I increased net.inet.ip.ifq.maxlen in steps of 256… I had to increase the >> net.inet.ip.ifq.maxlen 9 times to 2309 for the net.inet.ip.ifq.d

Re: Gbit performance parameters

> On 12 Jul 2017, at 19:25, Claudio Jeker <cje...@diehard.n-r-g.com> wrote: > > On Wed, Jul 12, 2017 at 06:07:28PM +0200, Per-Olov Sjöholm wrote: >> Hi >> >> I have seen net.inet.ip.ifq.drops on my firewall after upgrading the >> internet connectio

Gbit performance parameters

Hi I have seen net.inet.ip.ifq.drops on my firewall after upgrading the internet connection and therefor try to tweak it a little. The FW has 4 (but only two used) physical Intel Gig interfaces. The internal interface has a bunch of VLANs on it. IPv6 is enabled. I have a linux 8 core Intel

Re: Separate VLAN from untagged traffic.

-- GPG keyID: 9429C093 GPG fingerprint: 5F37 4298 A07F C614 647B 458C A756 5C4E 9429 C093 > On 7 Jul 2017, at 16:07, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> > wrote: > > On 07/07/17 15:35, Per-Olov Sjöholm wrote: >> Hi >> >> I have config like t

Separate VLAN from untagged traffic.

Hi I have config like this on an internal interface since 5 year back in time that together with my VLAN enabled Cisco and Zyxel switches route traffic around in my network. I run OpenBSD 6.0 AMD64 at the moment. cat /etc/hostname.em0 —snip-- up ### VLAN !ifconfig vlan2 inet 192.168.0.1

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 23 maj 2012, at 10:14, Mark Kettenis wrote: Problem seems to be found A change of int intr_shared_edge; to int intr_shared_edge = 1; in i386/machdep.c plus kernel recompile solves the problem. Can you post the dmesg of this fixed kernel? Hi Of course The hardware is

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 23 maj 2012, at 16:29, Mark Kettenis wrote: From: =?iso-8859-1?Q?Per-Olov_Sj=F6holm?= p...@incedo.org Date: Wed, 23 May 2012 11:27:34 +0200 On 23 maj 2012, at 10:14, Mark Kettenis wrote: Problem seems to be found A change of int intr_shared_edge; to int intr_shared_edge = 1;

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 19 maj 2012, at 20:09, Per-Olov Sjvholm wrote: On 19 maj 2012, at 17:58, Garry Dolley gdol...@arpnetworks.com wrote: On Sat, May 19, 2012 at 04:40:08PM +0200, Per-Olov SjC6holm wrote: On 19 maj 2012, at 08:11, Garry Dolley gdol...@arpnetworks.com wrote: On Sat, May 19, 2012 at

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 19 maj 2012, at 16:31, Kenneth R Westerback kwesterb...@rogers.com wrote: On Fri, May 18, 2012 at 11:11:07PM -0700, Garry Dolley wrote: On Sat, May 19, 2012 at 01:54:54AM +0200, Per-Olov Sjvholm wrote: I don't have any clues. I wasn't able to reproduce the problem, even though one

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 19 maj 2012, at 08:11, Garry Dolley gdol...@arpnetworks.com wrote: On Sat, May 19, 2012 at 01:54:54AM +0200, Per-Olov Sjvholm wrote: On 17 maj 2012, at 12:53, Garry Dolley wrote: On Thu, May 17, 2012 at 03:19:07AM -0700, Garry Dolley wrote: On Fri, May 11, 2012 at 09:13:30AM -0400, Simon

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 19 maj 2012, at 17:58, Garry Dolley gdol...@arpnetworks.com wrote: On Sat, May 19, 2012 at 04:40:08PM +0200, Per-Olov SjC6holm wrote: On 19 maj 2012, at 08:11, Garry Dolley gdol...@arpnetworks.com wrote: On Sat, May 19, 2012 at 01:54:54AM +0200, Per-Olov Sjvholm wrote: On 17 maj 2012,

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 17 maj 2012, at 12:53, Garry Dolley wrote: On Thu, May 17, 2012 at 03:19:07AM -0700, Garry Dolley wrote: On Fri, May 11, 2012 at 09:13:30AM -0400, Simon Perreault wrote: On 2012-05-11 04:15, Garry Dolley wrote: I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot

Re: bnx support

On 16 maj 2012, at 01:42, Brad Smith wrote: On 15/05/12 5:44 PM, Per-Olov Sjvholm wrote: Hi Looking at the man page for em and bnx drivers On em I can read it supports jumbo frames. But bnx man page says nothing about this. Does it mean it's just missing in the man page or is it the fact

bnx support

Hi Looking at the man page for em and bnx drivers On em I can read it supports jumbo frames. But bnx man page says nothing about this. Does it mean it's just missing in the man page or is it the fact that bnx wont support jumbo frames? Tnx Per-Olov

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 11 maj 2012, at 11:16, Stuart Henderson wrote: On 2012/05/11 01:15, Garry Dolley wrote: On Thu, May 10, 2012 at 03:31:27PM +0100, Stuart Henderson wrote: In gmane.os.openbsd.misc, Garry Dolley wrote: On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote: On 2012-05-08 19:08,

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 10 maj 2012, at 19:18, mxb wrote: On 05/10/2012 09:14 AM, Garry Dolley wrote: On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote: On 2012-05-08 19:08, Per-Olov Sjvholm wrote: It says em1: watchdog timeout -- resetting aol I saw the same on an amd64 VPS from

Watchdog timeout reset in 5.1 on intel nic:s

Hi I have an OpenBSD 4.9 i386 stable (patched to aug 19 2011) running as virtual in KVM with VTd (PCI passthrough by using pci-stub) for two intel NICs. It's running flawless. The KVM host (fully patched Redhat 6.2) have two extra Intel PRO/1000 MT (82574L) that is given out to the OpenBSD

Re: Expected throughput in an OpenBSD virtual server

On 24 aug 2011, at 12:01, Patrick Lamaiziere wrote: Le Tue, 23 Aug 2011 19:21:32 +0200, Per-Olov SjC6holm p...@incedo.org a C)crit : Hello, Here we reach 400 MBits/s with a CPU rate ~70% but we run OpenBSD 4.9. How fast is your CPU ? cpu0: Intel(R) Xeon(R) CPU E5520 @ 2.27GHz, 2261.30

Re: Expected throughput in an OpenBSD virtual server

On 23 aug 2011, at 19:30, Tomas Bodzar wrote: On Tue, Aug 23, 2011 at 7:21 PM, Per-Olov Sjvholm p...@incedo.org wrote: On 23 aug 2011, at 10:54, Patrick Lamaiziere wrote: Le Mon, 22 Aug 2011 22:49:47 +0200, Per-Olov SjC6holm p...@incedo.org a C)crit : Hello, Have not tried current, but will

check status of mpbios

Hi Is there a way to check status if the mpbios is enabled or disabled ? I Checked man config, tried find and list in UKC This is seen in a dmesg, but doesn't say if it's enabled or not... --snip-- root@xanadu:~#dmesg |grep -i mpbios mpbios0 at bios0: Intel MP Specification 1.4 mpbios0: bus

Re: Expected throughput in an OpenBSD virtual server

On 24 aug 2011, at 19:13, Tomas Bodzar wrote: On Wed, Aug 24, 2011 at 7:00 PM, Per-Olov Sjvholm p...@incedo.org wrote: On 23 aug 2011, at 19:30, Tomas Bodzar wrote: On Tue, Aug 23, 2011 at 7:21 PM, Per-Olov Sjvholm p...@incedo.org wrote: On 23 aug 2011, at 10:54, Patrick Lamaiziere wrote: Le

Re: Expected throughput in an OpenBSD virtual server

On 23 aug 2011, at 01:32, john slee wrote: On 22 August 2011 23:45, Per-Olov Sjvholm p...@incedo.org wrote: As http://www.openbsd.org/faq/faq6.html states, there's little you can tweak to improve your numbers; just get a nice-clocked, good cache-sized CPU and give it some loving. The FAQ

Re: Expected throughput in an OpenBSD virtual server

On 23 aug 2011, at 10:54, Patrick Lamaiziere wrote: Le Mon, 22 Aug 2011 22:49:47 +0200, Per-Olov SjC6holm p...@incedo.org a C)crit : Hello, Have not tried current, but will try current as soon as I can. Also... I will try to do some laborations with CPU speed of the core the OpenBSD virtual

Re: Expected throughput in an OpenBSD virtual server

On 22 aug 2011, at 07:45, Tomas Bodzar wrote: Try OpenBSD outside of KVM on real HW and you will see where's the bottleneck. Anyway getting 400Mbit/s under virtualization seems pretty fine or try to compare with OpenBSD running in VMware as there's fine support for that use. Of course

Re: Expected throughput in an OpenBSD virtual server

On 22 aug 2011, at 12:09, Daniel Gracia wrote: AFAIK, OpenBSD kernel is not designed accounting for any form of virtualization toy, so don't even try figuring performance numbers out of it. These will be plain wrong. As http://www.openbsd.org/faq/faq6.html states, there's little you can tweak

Re: Expected throughput in an OpenBSD virtual server

On 22 aug 2011, at 22:04, Stuart Henderson wrote: But if you can give hints of how to decrease the interrupt load I am all ears. As I see it, if the interrupt handling model i OpenBSD would change to a polling one u could maybe increase the throughput at the same processor speed (just me

Re: Expected throughput in an OpenBSD virtual server

On 22 aug 2011, at 23:28, Claudio Jeker wrote: On Mon, Aug 22, 2011 at 10:49:47PM +0200, Per-Olov Sjvholm wrote: On 22 aug 2011, at 22:04, Stuart Henderson wrote: But if you can give hints of how to decrease the interrupt load I am all ears. As I see it, if the interrupt handling model i

Expected throughput in an OpenBSD virtual server

Hi Misc # Background # I have done som fun laborations with a virtual fully patched OpenBSD 4.9 firewall on top of SuSE Enterprise Linux 11 SP1 running KVM. The Virtual OpenBSD got 512MB RAM and one core from a system with two quadcore Xeon 5504 (2Ghz) sitting in a Dell T410 Tower Server. I have

DHCP client question. bug ?

Hi misc I think there maybe is a bug in the dhcp client. I am not sure but will ask the list... I have have had the following: em0: lan static IP em1: internet interface with static IP a default route to the isp is in mygate I had to add a dhcp interface to this This means I added dhcp to

Re: 4.7 PF match problem

On 12 sep 2010, at 00.39, Per-Olov Sjvholm wrote: On 11 sep 2010, at 23.49, Per-Olov Sjvholm wrote: On 10 sep 2010, at 21.24, Peter N. M. Hansteen wrote: Per-Olov Sjvholm p...@incedo.org writes: It seems the first one is unable to convert as is seems no match in on... does not work.

Re: 4.7 PF match problem

On 10 sep 2010, at 21.24, Peter N. M. Hansteen wrote: Per-Olov Sjvholm p...@incedo.org writes: It seems the first one is unable to convert as is seems no match in on... does not work. Off the top of my head, move the rdr-to bits to your pass rules, make sure the pass rule without the

Re: 4.7 PF match problem

On 11 sep 2010, at 23.49, Per-Olov Sjvholm wrote: On 10 sep 2010, at 21.24, Peter N. M. Hansteen wrote: Per-Olov Sjvholm p...@incedo.org writes: It seems the first one is unable to convert as is seems no match in on... does not work. Off the top of my head, move the rdr-to bits to your

4.7 PF match problem

Hi I have an ongoing upgrade from 4.6 to 4.7... I have two rules like this in pf.conf : # To ORIGO no rdr on $INTERNET_INT proto tcp from any to $INTERNET_INT_IP2 port 21 rdr on $INTERNET_INT proto { tcp udp } from any to $INTERNET_INT_IP2 - $DMZ1_ORIGO It seems the first one is unable to

VIA Gigabit driver

Hi I think of buy a mini-itx motherboard containing two VIA VT6130 Gigabit ethernet cards. I have checked the hardware compatibility list, latest commits in the CVS tree and the latest current man page... Cannot find that this should work in OpenBSD as it seems that only 6122 chip is supported.

Re: PF log parser and dynamic PF rules...

On 17 feb 2010, at 12.38, Peter Hessler wrote: On 2010 Feb 17 (Wed) at 07:51:03 +0100 (+0100), Per-Olov Sjvholm wrote: :Answer correctly or don't answer at all. It seems to me that people *did* answer correctly. But, their answer was not what you wanted to hear. The answer: don't use port

PF log parser and dynamic PF rules...

Hi misc I am looking for a tool to use as a trigger for dynamically open PF ports from certain IP:s. I will access non critical info but want at least a port knocker as security. If I access an IP on my DMZ that is not in use on a port that is fake I want to dynamically add a PF rule for a

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 10.40, Claudio Jeker wrote: On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sjvholm wrote: Hi misc I am looking for a tool to use as a trigger for dynamically open PF ports from certain IP:s. I will access non critical info but want at least a port knocker as

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 11.04, Floor Terra wrote: Why not require a authentication token in the url? On 16 Feb 2010 10:59, Per-Olov SjC6holm pe...@incedo.org wrote: On 16 feb 2010, at 10.40, Claudio Jeker wrote: On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov... How do you use authpf from a

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 11.11, Lars Nooden wrote: http://rsug.itd.umich.edu/software/fugu/ Noop. Can't see that these will work and all phones and computers seamlessly with ease of use for the users. The reason for the post was just to see if there is already any tools for this purpose, which is

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 11.17, Bret S. Lambert wrote: There is a way to do port knocking in pf without any external help. Maybe you can figure it out. I will not give more hints since port knocking is a dumb idea better spend your time reading on authpf(8). -- :wq Claudio How do you use

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 11.17, Peter N. M. Hansteen wrote: Per-Olov Sjvholm pe...@incedo.org writes: How do you use authpf from a IPhone or similar... There are ssh clients for iphones, just look in the app store. The one i ended up installing has gone up in price it seems to (shock, horror)

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 11.44, Lars Nooden wrote: Per-Olov Sjvholm wrote: On 16 feb 2010, at 11.11, Lars Nooden wrote: http://rsug.itd.umich.edu/software/fugu/ Noop. Can't see that these will work and all phones and computers seamlessly with ease of use for the users. You appear to have

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 11.35, Bret S. Lambert wrote: On Tue, Feb 16, 2010 at 11:28:28AM +0100, Per-Olov Sj?holm wrote: On 16 feb 2010, at 11.17, Bret S. Lambert wrote: There is a way to do port knocking in pf without any external help. Maybe you can figure it out. I will not give more hints

Re: PF log parser and dynamic PF rules...

Hi again Lars... And important addition below On 16 feb 2010, at 11.44, Lars Nooden wrote: Per-Olov Sjvholm wrote: On 16 feb 2010, at 11.11, Lars Nooden wrote: http://rsug.itd.umich.edu/software/fugu/ Noop. Can't see that these will work and all phones and computers seamlessly with

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 12.06, Lars Nooden wrote: Per-Olov Sjvholm wrote: ...Or did miss something here? You missed quite a lot. I would recommend looking up the following before aggravating a larger public: client - server architecture client application server (daemon)

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 11.57, Stuart Henderson wrote: On 2010-02-16, Per-Olov Sj?holm pe...@incedo.org wrote: The reason is to use and RSS reader that cannot autenticate. I want some sort of security for it even though it's not critical. https://some.host/super-sekrit-password-here/feed.rss

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 12.07, Bret S. Lambert wrote: On Tue, Feb 16, 2010 at 11:44:12AM +0100, Per-Olov Sj?holm wrote: See my post to Peter H. You obviously have not worked with security Why? Because I'm unwilling to endorse your preferred approach? and the tradeoffs you _always_ have to make.

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 12.06, Peter N. M. Hansteen wrote: Per-Olov Sjvholm p...@incedo.org writes: None said anything about a password.. From where did you get that? I don't have a plain text password. A port knocking sequence is for most purposes a password, encoded in a 16 bit alphabet.

Re: PF log parser and dynamic PF rules...

On 16 feb 2010, at 17.17, Eugene Yunak wrote: 2010/2/16 Per-Olov Sjvholm p...@incedo.org: Hi misc I am looking for a tool use as a trigger for dynamically open PF ports from certain IP:s. I will access non critical info but want at least a port knocker as security. If I access an IP on

Re: PF log parser and dynamic PF rules...

On 17 feb 2010, at 02.07, Randal L. Schwartz wrote: Paul == Paul de Weerd we...@weirdnet.nl writes: Paul Jeez... As an asker, you don't really get to decide how or what other Paul people answer, or if they even answer at all. As I snipped off a Usenet group once: Get real! This is a

Re: spamd and /etc/mail/spamd.alloweddomains

On 26 maj 2009, at 11.05, Raimo Niskanen wrote: On Mon, May 25, 2009 at 10:45:03PM +0200, Per-Olov Sjvholm wrote: On 25 maj 2009, at 17.50, patrick keshishian wrote: On Mon, May 25, 2009 at 4:03 AM, Per-Olov Sjvholm p...@incedo.org wrote: Hi misc I was trying to add: se or *.se to

spamd and /etc/mail/spamd.alloweddomains

Hi misc I was trying to add: se or *.se to /etc/mail/spamd.alloweddomains which obviously wont work... But adding xxx.se works l really want to add the whole SE domain as we do not get that much spam from SE and will have a lot less administration. Anybody with a clue why none of

Re: spamd and /etc/mail/spamd.alloweddomains

On 25 maj 2009, at 17.50, patrick keshishian wrote: On Mon, May 25, 2009 at 4:03 AM, Per-Olov Sjvholm p...@incedo.org wrote: Hi misc I was trying to add: se or *.se to /etc/mail/spamd.alloweddomains which obviously wont work... But adding xxx.se works l really want to add the

Re: Lost sensors info when upgraded from 4.2 to 4.3

On Thursday 05 June 2008 15.42.37 you wrote: On 2008-06-05, Per-Olov Sjvholm [EMAIL PROTECTED] wrote: I did an upgrade (read reinstall) last week on a Dell PE830 server from OpenBSD 4.2 to 4.3. It is a 4.3 RELEASE std install, but a stable update of kernel and userland from May 29. The

Lost sensors info when upgraded from 4.2 to 4.3

Hi I did an upgrade (read reinstall) last week on a Dell PE830 server from OpenBSD 4.2 to 4.3. It is a 4.3 RELEASE std install, but a stable update of kernel and userland from May 29. The sensors worked ok in 4.2. In 4.3 it looks like this where the sensor info is null.. [EMAIL

relayd and src track

Hi Is it possible to handle PF src track from relayd. If I use sticky connections in relayd (NOT layer 7) and one target host dissappear, then it seems like src track comes into play. When one target host (for example 10.0.0.1 below) goes down I want to clear all src track info from PF

System update errors

Hi I have today updated (well tried) two OpenBSD -STABLE systems. One 4.0 and one 4.1. First the kernel update and a reboot... No problem Then a make obj make build of the userland. This gave me the following error after a while... --snip-- cc -c -O2 -pipe -I.

Re: System update errors

On Sunday 16 December 2007 19.02.46 Hannah Schroeter wrote: Hi! On Sun, Dec 16, 2007 at 05:45:05PM +0100, Firas Kraiem wrote: On Sunday 16 December 2007 17:13:49 Per-Olov SjC6holm wrote: I have today updated (well tried) two OpenBSD -STABLE systems. One 4.0 and one 4.1. First the

Re: smarthost and sendmail on 4.2

On Thursday 29 November 2007 23.54.37 Moe Sizlak wrote: Hi, I have a problem on 4.2 when sending mail via a smarthost. Basically the DS host is not being used. From the modified cf file - dnl mail.myisp.net with the hostname of your ISP's mail server. dnl

Re: sensorsd says the sensor is within limit, but it's not...

On Wednesdayen den 4 July 2007 04.17.30 you wrote: On 03/07/07, Per-Olov Sjvholm [EMAIL PROTECTED] wrote: Hi Misc I am probably missing something, but what.. sensorsd says in the syslog that the sensor is within limits even though a sysctl -a|grep sensor shows that it is not.

sensorsd says the sensor is within limit, but it's not...

Hi Misc I am probably missing something, but what.. sensorsd says in the syslog that the sensor is within limits even though a sysctl -a|grep sensor shows that it is not. Are there any known bugs? I have checked the list and cannot find anything related to this... I run a Dell PE830 on

Re: ifstated wont work if started at boot. Only from command line

On Thu, November 30, 2006 17:19, Per-Olov Sjoholm wrote: Hi I run ifstated on command line without any flags and everything works prefect But when I add a statement to rc.local and a variable in rc.conf.local it starts at boot but simply refuse to work correctly. rc.local if [

Re: pf load balancing and failover

On Thursday 26 October 2006 22:28, Kevin Reay wrote: Hey, On 10/26/06, Pete Vickers [EMAIL PROTECTED] wrote: If I recall correctly, You don't. :o) slbd adds new rules to pf for each incoming tcp session. Since I couldn't get it to work (old version) I do not know what the session and

Re: Dell 2650 with unsupported Adaptec PERC 3/Di RAID controller?

On Tuesday 24 October 2006 03:47, K Kadow wrote: I've inherited a half dozen Dell PowerEdge 2650s with the PERC 3/Di Adaptec RAID controllers, mostly running old OpenBSD with the 'aac' RAID controller enabled. I'd like to put as little money (and time) into these as possible while still

Re: pf load balancing and failover

On Sunday 22 October 2006 01:44, Kevin Reay wrote: Point of correction, slbd didn't have the ability to ping IP addresses. Good call. You might check the code in CVS, it should compile and work on 3.9. Your right, I didn't notice it was being maintained. Thanks for the pointer, and

Re: Solution to - Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

On Sunday 22 October 2006 15:48, Girish Venkatachalam wrote: On Sat, Oct 21, 2006 at 10:04:19PM +0200, Per-Olov Sj??holm wrote: Here is a post with info that solves and explain the case if someone else get stuck in the problem. This problem was actually caused by an updated OpenSSL. I

Re: pf load balancing and failover

On Sunday 22 October 2006 17:29, Bill Marquette wrote: On 10/22/06, Per-Olov Sjvholm [EMAIL PROTECTED] wrote: Hi I have followed this thread. Can anyone point out a working download link? Sourceforge does not have any working mirrors for this slbd-1.3.tar.gz file.. Probably a

Re: pf load balancing and failover

On Sunday 22 October 2006 21:13, Kevin Reay wrote: On 10/22/06, Per-Olov Sjvholm [EMAIL PROTECTED] wrote: Hi again I am looking at the CVS. I can't see its possible to out of the box remove addresses from a round robin scheme in PF against a faulty web server. Am I missing something?

Solution to - Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

On Tuesday 17 October 2006 12:08, Per-Olov SjC6holm wrote: On Tuesdayen den 17 October 2006 11:17, you wrote: On Tue, 17 Oct 2006, Per-Olov SjCB6holm wrote: What should I clean when I totaly wiped out /usr/src and /usr/obj before the cvs update. The build is done as follows...

Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

On Tuesdayen den 17 October 2006 09:19, you wrote: On Tue, 17 Oct 2006, Per-Olov SjC6holm wrote: On Tuesday 17 October 2006 01:07, you wrote: After I upgraded to 3.9 stable from Oct 10 SSH key login no longer work. All my servers stopped working with SSH key logins with the result

Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

On Tuesdayen den 17 October 2006 11:17, you wrote: On Tue, 17 Oct 2006, Per-Olov SjCB6holm wrote: What should I clean when I totaly wiped out /usr/src and /usr/obj before the cvs update. The build is done as follows... --snip-- cd /usr export CVSROOT=[EMAIL PROTECTED]:/cvs cvs

Re: Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD 3.8 stable

On Monday 16 October 2006 16:40, you wrote: Hi everybody, Darren has just become my hero of the day. Rebuilding OpenSSH like Darren described earlier works on my OpenBSD 3.8 box. No more problems. Happiness. thanks a lot Darren! regards, Tobias W . I was just about to start to

Re: Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD 3.8 stable

On Monday 16 October 2006 23:44, Stuart Henderson wrote: On 2006/10/16 23:14, Per-Olov Sjvholm wrote: But man release doesn't say make obj depend make build is needed instead of make obj make build for the source. Should depend be there in the source build as well? make build does even

SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

After I upgraded to 3.9 stable from Oct 10 SSH key login no longer work. All my servers stopped working with SSH key logins with the result that all my rsync automated backups gave up. This happened after my last upgrade October 10, where I did a full source update of my 3.9 stable. I could

Re: SSH upgrade to ver 4.4 on OBSD 3.9 stable broke key auth

On Tuesday 17 October 2006 01:07, you wrote: After I upgraded to 3.9 stable from Oct 10 SSH key login no longer work. All my servers stopped working with SSH key logins with the result that all my rsync automated backups gave up. This happened after my last upgrade October 10, where I did a

Redundant over two ethernet switches

Hi Let's say we have two switches on the same subnet with RSTP (Rapid Spanning Tree) on. If I want to connect an OpenBSD server 3.9 or 4.0 (with TWO intel NIC:s and ONE IP address) two both these switches (redundancy purpose not speed) I think I need some extra features on the NIC driver.

if_em.c and rev 1.131

Hi misc I am looking at http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_em.c and can see the following... --snip-- revert revision 1.131, the code in question was later found to not ensure the proper alignment requirement for the VLAN layer on strict alignment architectures. This would

Perc 5/i

Hi Misc Will the new built in SAS controller Perc 5/i in the Dell servers (LSI SAS megaraid driver) work in OpenBSD 3.9? Will it work in the upcoming 4.0 release? We will eventually buy a bunch of Dell 1950 servers. And of course we will have the firewalls on OpenBSD Tried to search for

Re: Sendmail access question

On Thursday 25 May 2006 23.36, you wrote: I would like to accept mail from only one specified SMTP server and reject all others. I tried '*.*REJECT' in /etc/mail/access but that doesn't seem to work. Mike Spenard Change to... X.Y.Z.W RELAY in /etc/mail/access and rebuild the access.db

Re: traffic shaping question.

On Tuesday 23 May 2006 12.56, S t i n g r a y wrote: I want to do traffic shaping as per protocol basis so if i give a certian bandwith to HTTP protocole , isnt there any way i can diffrenciate between HTTP webpages HTTP downloads of huge .iso files ? i dont want users who are downloading

Re: SunFire x4100

On Monday 15 May 2006 17.07, Peter Huncar wrote: Hi misc I got this: http://www.sun.com/servers/entry/x4100 from SUN to test it, tried to install 3.9release a minute ago without success, the disks (SAS - LSI adapter) were not detected. Unfortunately, I'm not able to donate this HW :( It

Re: cyrus, sasl and /etc/passwd

On Saturday 29 April 2006 02.00, John Brahy wrote: How do I configure cyrus imapd to retrieve mail from normal unix mailboxes and validate against the unix password? I have been trying to find info on it and I can't find anything that works with v2.2.12 from 3.8 ports. Can someone point me in

mclpool limits

Hi #Setup:# A redundant firewall pair (two HP DL380G4) with 3 em dual gig nics (plus 2 unused bge), 6 vlans, pfsync and 1500 rows of pf.conf. OpenBSD 3.8 STABLE (updated two weeks ago). The generic kernel is used + backported SACK patch so we could use synproxy correctly. #Problem:# This

Re: 10k pps

On Friday 07 April 2006 10.25, Claudio Jeker wrote: On Fri, Apr 07, 2006 at 12:17:58AM +0200, Per-Olov Sjvholm wrote: On Thursday 06 April 2006 23.08, Claudio Jeker wrote: On Thu, Apr 06, 2006 at 11:47:16PM +0300, Claudiu Pruna wrote: Hi there list, I got to a

Re: SpamAssassin autolearn problem

On Thursday 06 April 2006 16.15, Gabriel George POPA wrote: Some e-mails I receive have autolearn=no and others have autolearn=failed. I use the classic combination of spamd/spamc and the OpenBSD 3.8 provided p5-SpamAssassin package, installed as OpenBSD recommends. I tried to

Re: 10k pps

On Thursday 06 April 2006 23.08, Claudio Jeker wrote: On Thu, Apr 06, 2006 at 11:47:16PM +0300, Claudiu Pruna wrote: Hi there list, I got to a situation at work where I have an OpenBSD 3.9 amd64 router acting as bgp and ospf router, and it has to coupe with 100Mbps and approx

Re: Firefox with Java and Flash

On Friday 31 March 2006 03.05, you wrote: Hi all, I have installed in my machine both firefox web browser and java plugin (compiled on my own machine). The java plugin works fine with opera, but I'd like to use it with firefox, but I don't know where to put it. Does anyone here from list

Re: rotating apache logs

On Friday 31 March 2006 09.05, you wrote: Hi. What is the best way to rotate apache logs on OpenBSD? Ideally I would like to create a new one at the beginning of each month. I searched my system for logrotate and could not find it. Tired of spam? Yahoo! Mail has the best spam protection

Re: LSI Raid Card

On Wednesday 29 March 2006 16.27, Gaby vanhegan wrote: Hi, If I got one of these: http://www.lsilogic.com/products/megaraid/sata_150_4.html Which is supported under the ami driver, and that I'll have four drives in RAID 5, each in these:

Re: pf and passive (ftp) port tricks

On Tuesday 28 March 2006 14.09, Michael Schmidt wrote: Hello, did anyone setup helpful tricks in pf concerning passive ports for ftp? Why I am asking has the following reason: In general you have to open ports for incoming passive ftp requests on a wide range, but that4s a point I don4t

Re: Support the project by buying from store or make donations

Yes I see three or four things at this http://images.kd85.com/notforsale/ page that could be candidates for giveaways to customers. I did almost forgot this link. Did I get it during the last CD buy? I have forgotten... However. To bad it's not on the official page... I really wonder why it

Re: NIC:s, interrupts and performance in High load environment

On Monday 27 March 2006 05.10, you wrote: On 3/26/06, Per-Olov Sjvholm [EMAIL PROTECTED] wrote: My questions are: Is it normal for the above server to idle for 50-70% when there is 50Mbit network load and 25000 states? Is there a way to make it idle even more and lower the interrups? How?

NIC:s, interrupts and performance in High load environment

Hi misc If I got it right, an interrupt requires a context switch which cost resources. And if we have a firewall with many NIC:s and high load, interrrupt sharing and high quality NIC:s could make the situation better. At one customer we have between 40-80 Mbit average traffic to and 15-35

Support the project by buying from store or make donations

Hi This mail should maybe have been sent to Theo or Wim. Let's hope Theo wont verbal kill me as this is *another* suggestion. But it is also fact from the field... We have about 15 customers running OpenBSD (growing). Web hosting companies, ISP:s, the government and some smaller companies. For

  1   2   >