Re: Load Balance net connections w/ redirect
I'm not sure I understand the suggestion. Feel free to enlighten me... I'm completely open to ideas.

James

On 7/15/05, Will H. Backman [EMAIL PROTECTED] wrote:
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Harless
> Sent: Friday, July 15, 2005 2:33 PM
> To: misc@openbsd.org
> Subject: Load Balance net connections w/ redirect
>
> Hello all, I'm trying to redirect specific ports through a pf firewall that loadbalances 2 outgoing net connections and having some problems. This firewall connects to 2 different ISPs. It also performs greylisting and pre-filtering of mail for viruses (virii?). I know that I need to work in the 'reply-to' option somehow but, I can't seem to get it working.
>
> Why not use an exterior routing protocol, which is designed to do this?
>
> --
> What would Bilano do?
IBM mini-pci Atheros wifi card
Hello misc,

I'm going to buy an IBM R50e notebook and I would like it to have an a/b/g wireless card. I know that the best way is to buy a laptop with the Atheros chip, but in Poland IBM doesn't sell notebooks with it onboard, so I'll have to buy a separate one (like 31P9701). I made some check up at http://customerproducts.atheros.com/customerproducts and I found that the IBM mini-pci card has an AR5001X+ chip. In ath(4) it's written that only AR5210/AR5211/AR5212 are supported. Does it mean that this IBM card isn't? Or am I missing something?

Thanks in advance,

--
Przemysław Nowaczyk [EMAIL PROTECTED]
CS student @ Poznan University of Technology
Re: IBM mini-pci Atheros wifi card
Edd Barrett wrote:
> Hi, I have an IBM R50e. The wifi card that came inside was an intel card that uses the iwi driver.

Actually I don't want to use an Intel card due to the problems/difficulties You indicated and that the firmware for iwi(4) is not free. That's why I'm trying to find out if AR5001X+ Atheros chip is only another name of AR5212 chip and is supported or is it a totally different chip.

> I am still having difficulty with the card timing out, but most of the time it works well. The author of the driver is aware of the error. Hope this answers your question. Edd

but still thanks for answering :)

--
Przemysław Nowaczyk [EMAIL PROTECTED]
CS student @ Poznan University of Technology
Re: Graphics Editor
Sorry about the confusion. I was wanting to create .png graphics for the web. No I did not try to

    $ cd /usr/ports
    $ make search key=graphics
    $ cd /usr/ports/graphics
    $ make show=COMMENT

Also I wanted to know what the .gif logo on the OpenBSD.org homepage was created with.

On 7/16/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Seth Jackson wrote:
> > I was wondering what I should use for graphics editing on OpenBSD. I know there is the GIMP, but I didn't know if there were any other good graphics editing programs for OpenBSD. Also, what was the art on the OpenBSD.org homepage created with?
>
> Sodipodi, graphics/sodipodi, is a vector graphics program (using gtk2).

--
Seth Jackson [EMAIL PROTECTED]
Re: Alpha CS20 wanted
Hello Misc@

To give everyone a status update on the Alpha replacement, we're doing reasonably well on pledges--thanks to all who've stepped up thus far--and at this point it looks like we have funds to cover the repair of the existing machine and / or the purchase of the replacement one. If we're lucky and should the stars align just right, we *may* perhaps have funds to cover both, so that we can have a spare in the event of a future problem. crosses fingers

Of important note is that there are a couple of people who've stepped up with fairly significant pledges, so both they and everyone else who has come forward with smaller donations is VERY important to the success of this deal. One pledge that doesn't turn into loot in the bank could be bad news for us.

That said, I'll have more news for everyone, including the pledge / donation total thus far, in the next day or so as last minute decisions and donations are made. Thanks to all who've pledged / donated so far. Details will follow on both the machine choice and donation details / instructions in the next couple of days.

Best,
Kevin
Re: get bittorrent to work via pf
Can I redirect the port to any registered IP address on the subnet? Or do I have to manually add lines of the ip addresses?

    rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.38 port 6881

Change to:

    rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> ($int_if:network) port 6881

Will that clog the port? Or for each host would I have to assign a different port being redirected from the firewall?

    rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.38 port 6881
    rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.39 port 6882

Thanks guys. Appreciate the help.

Vivek
Re: To secure WiFi networks
Thanks for all the replies, I see now that I should explain myself further. The scenario I am thinking of is when you run a public WiFi access point at let's say a campus with many new visitors from different organisations and you don't want to start messing around with WAP, WEP, IPSec, PPP or L2TP, having staff/manuals to help visitors setting up tunnels on their Windows XP / 2000 laptops is just not feasible. I am after a zero configuration solution for just the HTTP traffic, and if the sites browsed do not support https then there is little I can do on my end.

On 7/15/05, Nick Holland [EMAIL PROTECTED] wrote:
> On Fri, Jul 15, 2005 at 06:03:01PM +0200, Johan P. Lindström wrote:
> > ...
> > I'm not too familiar with the inner workings of the needed technologies (sometimes a pro, often a con) but what if one would use a https proxy, like say squid with SSL/TLS support, to obfuscate the http traffic leaving your laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that would then with some magic serve you the pages. So that http traffic could not be intercepted on the open WiFi network.
> > ...
>
> Before you worry about this too much... IF you are worried about people packet sniffing your wireless connection, you should probably be running some kind of encryption on the traffic already, wireless or not. What's the point of encrypting from your laptop to the firewall, if it is then sent plain-text to the remote end over the common cable that many of your neighbors are also attached to. By this point in time, any communications over the internet which should not be sniffed should be encrypted end-to-end.
>
> That was a specific answer to a specific question. The above reply is not meant to imply wireless security issues don't matter. IF the question is, How do I keep people out of my wireless network, or how do I keep them from sniffing internal traffic in my network, my answer would be very different...but that wasn't the question.
>
> Nick.
kdeinit problems in 3.7-current
OS: 3.7-current as of July 12, with sync-ed kernel, userland, XF4, and ports
App: kdebase-3.4.1, rebuilt 7/13, after building kernel, userland, XF4.
Platform: i386

This newbie is looking for debugging advice. I'm not sure exactly where to look to try to solve this particular software problem. I'm looking for advice as to which FM to RT. :-)

Usually when I'm using firefox 1.0.4, my X environment will crash. Each time, kdeinit drops a .core file showing:

    #0 0x099e50d1 in kill () from /usr/lib/libc.so.38.1

Immediately afterwards, Xorg would report caught signal 11 -- both on the startx console, and, in the Xorg.0.log file.

Now, because signal 11s are so often hardware problems, I ran memtest86 on the hardware. 12 hours of running memtest86 does not show any obvious memory problems.

My xorg.conf file is automatically generated with xorgcfg. I added these lines to get Xorg to drop a .core file as well:

    Section "ServerFlags"
        Option "NoTrapSignals" "on"
    EndSection

Kdeinit still drops a core file, but Xorg does not. But, the console messages and log messages have changed. Now, the log does not show any messages at failure ... the file is just closed when Xorg stops running. And the console, instead of showing signal 11, shows:

    Gdk-ERROR **: X connection to :0.0 broken (explicit kill or server shutdown).

I'm not sure whether this is an Xorg issue, a KDE issue, or -- because I'm running firefox, an X application issue. Any advice you might have to help me narrow down the problem further would be appreciated.

-Josh-
OpenBGPD: filter bogus AS...
Hi there,

I wish to add a filter to avoid that bogus AS that should be reserved for private network to be accepted by my router. The problem is that:

    # filter bogus AS
    allow from any AS { 64512, 65534 } set nexthop blackhole

Doesn't allow ranges... Is there any better way to handle such setup? (Do I need to add all AS ranges by hand?)

PS: I run openbgpd on OpenBSD 3.6 plus current patches...

Sincerely,
/Xavier
Re: OpenBGPD: filter bogus AS...
* Xavier Beaudouin [EMAIL PROTECTED] [2005-07-16 20:04]:
> I wish to add a filter to avoid that bogus AS that should be reserved for private network to be accepted by my router. The problem is that :
>
>     # filter bogus AS
>     allow from any AS { 64512, 65534 } set nexthop blackhole
>
> Doesn't allow ranges... Is there any better way to handle such setup ?

no, but adding ranges might be a good idea...

--
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: To secure WiFi networks
On 7/16/05, Johan P. Lindström [EMAIL PROTECTED] wrote:
> The scenario I am thinking of is when you run a public WiFi access point at let's say a campus with many new visitors from different organisations [...]

If you're dealing with visitors from various organisations, you may want to investigate using 802.1x with dynamic VLAN assignment and roaming for users. Unfortunately, *BSD support for 802.1x - at least to my knowledge - is not available. Windows (SecureW2) and Linux (Open1x) platforms do support it. Open1x states it cannot sustain the effort of supporting *BSD.

On top of that; you'll need some RADIUS infrastructure and 802.1x capable devices that can do the VLAN assignment. In other words: it may be rather outside the scope you're thinking of (but it's used on several campuses, including mine :)

Cheers,
Rogier

--
If you don't know where you're going, any road will get you there.
VoIP with asterisk and x-lite
I have an OpenBSD 3.7 gateway. This gateway runs Asterisk. (/usr/ports/telephony/asterisk) I have two windows boxes which use X-Lite softphone, and each box connects to Asterisk using this softphone (X-Lite). Asterisk uses the following configuration:

/etc/asterisk/sip.conf

    ; Phone #1
    [Phone1]
    type=friend
    host=dynamic
    defaultip = 192.168.10.12 # windows box IP
    context = sip
    callerid=Phone1 1

    ; Phone #2
    [Phone2]
    type=friend
    host=dynamic
    defaultip = 192.168.10.5 # second windows box IP
    context = sip
    callerid=Phone 2

I have the following extension:

/etc/asterisk/extensions.conf

    [sip]
    exten = 1,1,Dial(SIP/Phone1,20,tr)
    exten = 2,1,Dial(SIP/Phone2,20,tr)

One windows box has phone number 1 and the other windows box has phone number 2. I call Phone number 2 from Windows box with phone number 1 and it works. But I don't hear my voice on Windows box with phone number 2. Why? Any idea to help me?

Thank you very much!
Re: VoIP with asterisk and x-lite
--On 16 July 2005 23:34 +0300, Kiraly Zoltan wrote:
> I have two windows box which use X-Lite softphone, and each box connect to Asterisk using this softphone (X-Lite).
>
> I call Phone number 2 from Windows box with phone number 1 and work. But i don't hear my voice on Windows box with phone number 2 . Why ? Any idea to help me ?

I think you have the wrong list, try here - http://lists.digium.com/mailman/listinfo/asterisk-users

But... since * config is the same on each, and you're using the same software on both Windows boxes, look at any differences between them. Points especially worth consideration include any NAT or firewalls between the endpoints, and any 'personal firewalls' running on the Windows boxes.
Dell 2800 Server: PERC4ei (Embedded Integrated) RAID solution?
Hi: Is the Dell ROMB PERC 4ei RAID controller chipset supported by OpenBSD 3.7/i386 (or CURRENT)? I am considering a Dell PowerEdge 2800 model server (Dual 64-bit Xeon @ 3.0 GHz EMT64) and would prefer to choose a RAID option that is fully compliant with OpenBSD/i386. I specifically want to avoid choosing an Adaptec solution (e.g., Adaptec SCSI Card 39160) if it could cause problems with the OpenBSD device drivers.
Re: VoIP with asterisk and x-lite
> I think you have the wrong list, try here - http://lists.digium.com/mailman/listinfo/asterisk-users

and here /usr/local/share/examples/asterisk/openbsd/
LCDPROC
I'm interested in using an LCD on my OBSD box to view a few stats. The box already runs headless so this would just be a means to check stats at a glance. Has anyone here used LCDProc or something similar? If so what comments do you have? As to hardware - serial or USB? Which is better supported under OBSD 3.7? Steve
Re: Dell 2800 Server: PERC4ei (Embedded Integrated) RAID solution?
yes

On Jul 16, 2005, at 6:31 PM, Anon Y. Mous wrote:
> Hi: Is the Dell ROMB PERC 4ei RAID controller chipset supported by OpenBSD 3.7/i386 (or CURRENT)? I am considering a Dell PowerEdge 2800 model server (Dual 64-bit Xeon @ 3.0 GHz EMT64) and would prefer to choose a RAID option that is fully compliant with OpenBSD/i386. I specifically want to avoid choosing an Adaptec solution (e.g., Adaptec SCSI Card 39160) if it could cause problems with the OpenBSD device drivers.
'no link' ethernet and dhcp in -current
Hi, all. I've got a laptop with wi(4) and sis(4) network interfaces. While installing 3.6, I could configure them to use dhcp to obtain their addresses, even if neither was actually connected to a network (i.e., no wireless in range and no ethernet jack close by). When I installed 3.7, I found this was no longer true of the wireless---my sis0 would note 'no link .. giving up' and write its hostname.sis0 to use dhcp anyway, but wi0 wouldn't configure; once configuration failed, it would keep going back to the Which one do you wish to initialize? (or 'done') [wi0] prompt. That's all well and good, as it was a minor item to create a hostname.wi0 file (but who knows what else I was leaving out?) by hand. In CURRENT, however (as of 12 July snapshot), the same happens for sis0 when a dhcp server can't be reached. I'm all for doing it the right way, but that's why I tell it what configuration to use during installation---should it really keep ignoring my answers, even if they seem like they don't work? Is there any chance of reverting (or coming close) to the previous behavior? Yes, I realize it's a very minor issue, but it would be nice not to have to write my own network configuration into install.site, and not to have to be connected to a network to install properly. Thanks, and thanks in advance for any pointers (as well as for any take a long walk... messages, of course ;-) ) CDJ -- Christian Jones [EMAIL PROTECTED] http://www.aleph0.com/~chjones