On 2007-10-04, Christian Weisgerber [EMAIL PROTECTED] wrote:
So you just set five data bits, no parity, CSTOPB, and you'll be
fine. Just why you would need this is beyond me, though. The only
application that comes to mind is interfacing with 50-year-old
teletype equipment.
Thanks for the
Hi list,
In order to get familiar with CARP, i have set up a playground with 3
machines under vmware. I noticed that the CARP devices do not see any IP
broadcasts, so this would make CARP unusable for a DHCP server or
anything else that needs to respond to IP broadcasts.
Is this expected
On Wed, Oct 03 2007 at 32:20, Jeff Simmons wrote:
Anyone have any experience with this?
A company a client of mine wishes to work with insists this will work, but I
have my doubts. The documentation for the 3002 seems to indicate that it is
specifically for connections to a Cisco 3000
On 2007/10/04 17:48, Florin Andrei wrote:
All firewall rules are written as stateless as possible - I don't need
stateful filtering, the setup is very simple (allow HTTP inbound, allow a
few ICMP types, and that's it).
You might want to re-think this, stateless rulesets are usually
slower.
Hi,
I've tried setting up multiple qemu hosts on OpenBSD 4.1 but having
problems setting up the networking. The first qemu instance works just
fine with -net nic -net tap but I never were able to get the network
working with a second or third qemu instance.
The server got a main IP and a small
On Fri, Oct 05, 2007 at 10:54:17AM +0200, Michael wrote:
Hi,
I've tried setting up multiple qemu hosts on OpenBSD 4.1 but having
problems setting up the networking. The first qemu instance works just
fine with -net nic -net tap but I never were able to get the network
working with a second
Patrick Hemmen wrote:
Ok.
Before using carp/sasyncd the IPSEC tunnel had worked.
The isakmpd daemon listen on all interfaces/ip addresses.
I am illustrating my set up
vpngw01: 10.10.10.101
carp: 10.10.10.1 -- INTERNET -- remote gateway: 192.168.1.1
vpngw02: 10.10.10.102
I've been informed that I was talking out of my hat, as I suspected.
KQEMU (QEMU accelerator) is a Linux kernel module and, therefore, not
an option for the OpenBSD. I'll put my hat back on my head now.
On 10/4/07, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote:
Gerald Thornberry wrote:
I've never
ext_if =rl0 #macro for external interface
int_if =dc0 #macro for internal interface
localnet= $int_if:network
nat on $ext_if from $localnet to any - ($ext_if)
#block in
pass out keep state
pass out on $ext_if proto tcp all
pass inet proto tcp from {lo0, $localnet} to any keep state
I
On 10/5/07, Gerald Thornberry [EMAIL PROTECTED] wrote:
I've been informed that I was talking out of my hat, as I suspected.
KQEMU (QEMU accelerator) is a Linux kernel module and, therefore, not
an option for the OpenBSD. I'll put my hat back on my head now.
For whatever it's worth, I had to
Hello,
Does anyone have any pointers for getting the HTML Tidy extensions
working in PHP on OpenBSD? I am running a 4.0 system.
According to PHP's website, I do not need to download the version of
Tidy from PECL, because Tidy is supposed to be built-in in PHP 5 (I have
the PHP 5.1.4
On Thu, Oct 04, 2007 at 05:03:41PM +0200, G?bri M?t? wrote:
There'll be two main servers, a web server and a sql server. We have to
insert a timestamp and a signature in the specified rows of tables.
Periodically the sql server will make pdf documents from the data and we
have to sign and
I commented out block in for testing purposes. still, no success.
If you know what's wrong, please don' t just answer. I want to
understand the solution.
Start with nat routing, and then move to filtering.
Keep your nat rule, get rid of the filter fules you have now, and put in a
default
Previously posted to [EMAIL PROTECTED] Received no replies so trying here.
Hello,
I'm using route-to to allow specific systems to use different external
interfaces and seeing a performance issue.
The performance issue is that normal web access is horrifically slow, yet when
doing a download
I commented everything out except the nat rule and
pass out keep state
still nothing.
On Oct 5, 2007, at 11:04 AM, Joe Gibbens wrote:
I commented out block in for testing purposes. still, no success.
If you know what's wrong, please don' t just answer. I want to
understand the solution.
While running spamassassin (the one in OpenBSD 4.0) my Perl (also OBSD 4.0)
happened to segfault when learning what is spam. There is no suspicion on bad
hardware, and this situation already happened in the past several times
ocassionally.
There were 9153 spam messages in the folder. I'll try if
the bsd box is definitely online. quick ping to google gives 0 packet
loss.
On Oct 5, 2007, at 12:47 PM, James Mackinnon wrote:
with pf enabled and using a pass out keep state
from the BSD box, make sure it can hit the internet. this will
remove it as being an interface issue to start.
both do have IP's. dc0 has a private IP.
rl0 is connected to the internet.
On Oct 5, 2007, at 12:52 PM, ropers wrote:
On 05/10/2007, a.padilla [EMAIL PROTECTED] wrote:
I commented everything out except the nat rule and
pass out keep state
still nothing.
Sorry to be basic, but do your NICs
Hello,
Does anyone have any pointers for getting the HTML Tidy extensions
working in PHP on OpenBSD? I am running a 4.0 system.
According to PHP's website, I do not need to download the version of
Tidy from PECL, because Tidy is supposed to be built-in in PHP 5 (I have
the PHP 5.1.4
I'd like to say Thank you to all of the developers around the world
who make OpenBSD what it is! If I had the skills to write code I
would help, for now my contributions will have to be in other ways.
My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY)
and this has to be
On 05/10/2007, a.padilla [EMAIL PROTECTED] wrote:
I commented everything out except the nat rule and
pass out keep state
still nothing.
Sorry to be basic, but do your NICs have IP addresses?
What do their /etc/hostname.if(5) files say?
What does ifconfig(8) say?
with pf enabled and using a pass out keep state
from the BSD box, make sure it can hit the internet. this will remove it as
being an interface issue to start.
The NAT setup and the rules, based on the testing rules, should allow this
to work at this point, if it is not, go back to square 1
rl0 is connected to the internet.
On Oct 5, 2007, at 12:52 PM, ropers wrote:
On 05/10/2007, a.padilla [EMAIL PROTECTED] wrote:
I commented everything out except the nat rule and
pass out keep state
still nothing.
delete pass out keep state This will not work alone.
insert pass
I commented out pass out keep state and added, after the nat rule,
pass quick all. Still nothing.
I cant even ping from the server the private IP which the client has
I know the client is connected to the server, it shows up on
dhcpd.leases. Do you think its my dhcpd server that's
ifconfig:
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff00
rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr
On 10/5/07, Chad M Stewart [EMAIL PROTECTED] wrote:
My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY)
drat, I was hoping for first the first post. you forgot the pic.
inet 10.0.0.0 netmask 0xff00 broadcast 255.255.255.0
John
Without looking at anything else, that line jumps out at me. Are you
certain that you want your broadcast set to '255.255.255.0'? Sounds
like a netmask to me.
On Fri, Oct 05, 2007 at 02:48:00PM -0400, a.padilla wrote:
On Friday 05 October 2007 01:17, Claer wrote:
The Cisco client license forbids explicitely to connect to anything but
Cisco Hardware.
If that's so, then legal forgot to tell marketing. ;-)
The Cisco VPN 3002 Hardware Client works with all operating systems ...
On Fri, Oct 05, 2007 at 11:40:07AM -0400, Chris Smith wrote:
SNIP
The performance issue is that normal web access is horrifically slow, yet
when
doing a download test the results show the proper bandwidth.
It takes a while for the packets to figure out how to get through the
router, once
On 10/5/07, Daniel Barowy [EMAIL PROTECTED] wrote:
Any suggestions? Apparently I don't know what I don't know.
Well, this is a suggestion, not an answer, but I've saved myself a lot of
pain by building ports of PHP related stuff on relatively clean systems (by
relatively clean I mean NO
On Fri, 5 Oct 2007, Daniel Barowy wrote:
Hello,
Does anyone have any pointers for getting the HTML Tidy extensions
working in PHP on OpenBSD? I am running a 4.0 system.
In case anyone is looking to fix this particular problem, this is how I
fixed it:
On 05/10/2007, a.padilla [EMAIL PROTECTED] wrote:
ifconfig:
(...)
rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:18:4d:ea:33:0a
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6
On Oct 5, 2007, at 2:53 PM, Karsten McMinn wrote:
On 10/5/07, Chad M Stewart [EMAIL PROTECTED] wrote:
My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY)
drat, I was hoping for first the first post. you forgot the pic.
Okay, well fresh from an install on my Sun X2100M2 my
Heinrich Rebehn schrieb:
Patrick Hemmen wrote:
Ok.
Before using carp/sasyncd the IPSEC tunnel had worked.
The isakmpd daemon listen on all interfaces/ip addresses.
I am illustrating my set up
vpngw01: 10.10.10.101
carp: 10.10.10.1 -- INTERNET -- remote gateway: 192.168.1.1
On Fri, 2007-10-05 at 12:14 -0700, Jeff Simmons wrote:
On Friday 05 October 2007 01:17, Claer wrote:
The Cisco client license forbids explicitely to connect to anything but
Cisco Hardware.
If that's so, then legal forgot to tell marketing. ;-)
The Cisco VPN 3002 Hardware Client works
Can you also send your routing table on both the firewall and the client on
your internal network?
netstat -r -f inet
specifically, is the client's default route 10.0.0.0?
If you can, it would be best to experiment with statically defined IPs at
first.
On 10/5/07, a.padilla [EMAIL PROTECTED]
On 2007/10/05 14:48, a.padilla wrote:
dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
inet 10.0.0.0 netmask 0xff00 broadcast 255.255.255.0
10.0.0.0 is not valid with a 255.0.0.0 netmask, it's reserved as the
network address and shouldn't be used by a host. You could use
On 10/5/07, Chad M Stewart [EMAIL PROTECTED] wrote:
Okay, well fresh from an install on my Sun X2100M2 my daughter wanted
to check it out
http://balius.com/openbsd.4.2.jpg
Why does the packaging of an ultra secure UNIX-like operating system
seem so apropos next to a child ;) ? If the cover
Okay, well fresh from an install on my Sun X2100M2 my daughter wanted
to check it out
http://balius.com/openbsd.4.2.jpg
Ok, that's a cool picture. Thanks daniel :)
-Bob
padilla,
Perhaps if you take a step back and look at an example of pf everything
might make more sense. It might help if you had a working pf.conf to learn
from and a basic explanation of what each part of pf does.
OpenBSD Pf Firewall how to ( pf.conf )
http://calomel.org/pf_config.html
On Fri, Oct 05, 2007 at 03:20:27PM -0600, Bob Beck wrote:
Okay, well fresh from an install on my Sun X2100M2 my daughter wanted
to check it out
http://balius.com/openbsd.4.2.jpg
Ok, that's a cool picture. Thanks daniel :)
-Bob
I second that, definitely a cool picture!
On Friday 05 October 2007, andrew fresh wrote:
It takes a while for the packets to figure out how to get through the
router, once they do, the states are set up and everything works as it
should. I can see that.
Seems that way.
Basic scenario is 2 internal interfaces (2 separate subnets)
Does know of a BAT2EXE program that produces an EXE which works under
wine? First hit on google bat2exe wine indicates there is one that
works on Linux (written in delphi), but the link is broken.
I've tried several. Some actually create COM (not EXE) files which wine
won't run. Others
On 10/5/07, Chad M Stewart [EMAIL PROTECTED] wrote:
On Oct 5, 2007, at 2:53 PM, Karsten McMinn wrote:
On 10/5/07, Chad M Stewart [EMAIL PROTECTED] wrote:
My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY)
drat, I was hoping for first the first post. you forgot the pic.
On Fri, Oct 05, 2007 at 06:49:31PM -0400, Chris Smith wrote:
On Friday 05 October 2007, andrew fresh wrote:
OK, I'm still tagging, but it does seem that doing the route-to on ingress is
a working scenario.
Oh good. I am glad that worked.
You may also want some of the rules like are shown
On Friday, October 5, 2007, 15:14:41, Jeff Simmons wrote:
On Friday 05 October 2007 01:17, Claer wrote:
The Cisco client license forbids explicitely to connect to anything but
Cisco Hardware.
If that's so, then legal forgot to tell marketing. ;-)
The Cisco VPN 3002 Hardware Client works
I'm looking for a ready to install roll package for configureing and
administering a OpenBSD firewall from the web. something along the lines of
pfSense, but with OpenBSD base.
Thanks,
--
Adam
2007/10/6, Cyrus [EMAIL PROTECTED]:
I'm looking for a ready to install roll package for configureing and
administering a OpenBSD firewall from the web. something along the lines of
pfSense, but with OpenBSD base.
Thanks,
http://www.undeadly.org/cgi?action=articlesid=20071003090749
Sorry if this is nosy and sounds stupid, but I'm intrigued:
Why would you need your .bat to become a .exe file?
Hiding your code is obviously not a valid reason, or you wouldn't be
asking this on the OpenBSD mailing list.
On 05/10/2007, Frank Bax [EMAIL PROTECTED] wrote:
Does know of a BAT2EXE
On 10/5/07, Calomel [EMAIL PROTECTED] wrote:
padilla,
Perhaps if you take a step back and look at an example of pf everything
might make more sense. It might help if you had a working pf.conf to learn
from and a basic explanation of what each part of pf does.
OpenBSD Pf Firewall how to (
matheus,
It is the order. The fist queue is for bulk packets and the second is for
ack packets.
Daniel Hartmeier has a detailed page with examples that may make this
clearer.
Prioritizing empty TCP ACKs with pf and ALTQ
http://www.benzedrine.cx/ackpri.html
--
Calomel @ http://calomel.org
51 matches
Mail list logo
