Re: Load Balance net connections w/ redirect

2005-07-16 Thread James Harless
I'm not sure I understand the suggestion.  Feel free to enlighten
me... I'm completely open to ideas.

James

On 7/15/05, Will H. Backman [EMAIL PROTECTED] wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> > James Harless
> > Sent: Friday, July 15, 2005 2:33 PM
> > To: misc@openbsd.org
> > Subject: Load Balance net connections w/ redirect
> >
> > Hello all,
> >
> > I'm trying to redirect specific ports through a pf firewall that
> > loadbalances 2 outgoing net connections and having some problems.
> > This firewall connects to 2 different ISPs.  It also performs
> > greylisting and pre-filtering of mail for viruses (virii?).  I know
> > that I need to work in the 'reply-to' option somehow but, I can't seem
> > to get it working.
> >
> Why not use an exterior routing protocol, which is designed to do this?
 


-- 
What would Bilano do?



IBM mini-pci Atheros wifi card

2005-07-16 Thread Przemysław Nowaczyk

Hello misc,
I'm going to buy an IBM R50e notebook and I would like it to have an 
a/b/g wireless card. I know that the best way is to buy a laptop with 
the Atheros chip, but in Poland IBM doesn't sell notebooks with it 
onboard, so I'll have to buy a separate one (like 31P9701). I made some 
check up at http://customerproducts.atheros.com/customerproducts and I 
found that the IBM mini-pci card has an AR5001X+ chip. In ath(4) it's 
written that only AR5210/AR5211/AR5212 are supported. Does it mean that 
this IBM card isn't? Or am I missing something?

Thanks in advance,
--
Przemysław Nowaczyk [EMAIL PROTECTED]
CS student @ Poznan University of Technology



Re: IBM mini-pci Atheros wifi card

2005-07-16 Thread Przemysław Nowaczyk

Edd Barrett wrote:

> Hi,
>
> I have an IBM R50e. The wifi card that came inside was an intel card
> that uses the iwi driver.

Actually I don't want to use an Intel card due to the
problems/difficulties you indicated and that the firmware for iwi(4) is
not free. That's why I'm trying to find out if AR5001X+ Atheros chip is
only another name for AR5212 chip and is supported or is it a totally
different chip.

> I am still having difficulty with the card timing out, but most of the
> time it works well. The author of the driver is aware of the error.
>
> Hope this answers your question.
>
> Edd

but still thanks for answering :)

--
Przemysław Nowaczyk [EMAIL PROTECTED]
CS student @ Poznan University of Technology



Re: Graphics Editor

2005-07-16 Thread Seth Jackson
Sorry about the confusion. I was wanting to create .png graphics for
the web. No I did not try to

$ cd /usr/ports
$ make search key=graphics

$ cd /usr/ports/graphics
$ make show=COMMENT

Also I wanted to know what the .gif logo on the OpenBSD.org homepage was created
with.

On 7/16/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Seth Jackson wrote:
> > I was wondering what I should use for graphics editing on OpenBSD. I
> > know there is the GIMP, but I didn't know if there were any other good
> > graphics editing programs for OpenBSD. Also, what was the art on the
> > OpenBSD.org homepage created with?
>
> Sodipodi, graphics/sodipodi, is a vector graphics program (using gtk2).
 
 


-- 
Seth Jackson [EMAIL PROTECTED]



Re: Alpha CS20 wanted

2005-07-16 Thread Kevin
Hello Misc@

To give everyone a status update on the Alpha replacement, we're doing
reasonably well on pledges--thanks to all who've stepped up thus
far--and at this point it looks like we have funds to cover the repair
of the existing machine and / or the purchase of the replacement one.

If we're lucky and should the stars align just right, we *may* perhaps
have funds to cover both, so that we can have a spare in the event of
a future problem. crosses fingers

Of important note is that there are a couple of people who've stepped
up with fairly significant pledges, so both they and everyone else who
has come forward with smaller donations is VERY important to the
success of this deal. One pledge that doesn't turn into loot in the
bank could be bad news for us.

That said, I'll have more news for everyone, including the pledge /
donation total thus far, in the next day or so as last minute
decisions and donations are made.

Thanks to all who've pledged / donated so far. Details will follow on
both the machine choice and donation details / instructions in the
next couple of days.


Best,
Kevin



Re: get bittorrent to work via pf

2005-07-16 Thread Vivek Ayer
Can I redirect the port to any registered IP address on the subnet? Or
do I have to manually add lines of the IP addresses?

 rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.38 port 6881

Change to:

 rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> ($int_if:network) port 6881

Will that clog the port? Or for each host would I have to assign a
different port being redirected from the firewall?

 rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.38 port 6881

 rdr on $ext_if proto {tcp, udp} from any to $ext_ip port 6881 -> 192.168.1.39 port 6882

Thanks guys. Appreciate the help.

Vivek



Re: To secure WiFi networks

2005-07-16 Thread Johan P . Lindström
Thanks for all the replies, I see now that I should explain myself further.
The scenario I am thinking of is when you run a public WiFi access point at
let's say a campus with many new visitors from different organisations and
you don't want to start messing around with WAP, WEP, IPSec, PPP or L2TP;
having staff/manuals to help visitors setting up tunnels on their Windows XP
/ 2000 laptops is just not feasible. I am after a zero configuration
solution for just the HTTP traffic, and if the sites browsed do not
support https then there is little I can do on my end.


On 7/15/05, Nick Holland [EMAIL PROTECTED] wrote:
>
> On Fri, Jul 15, 2005 at 06:03:01PM +0200, Johan P. Lindström wrote:
> ...
> > I'm not too familiar with the inner workings of the needed technologies
> > (sometimes a pro, often a con) but what if one would use a https proxy, like
> > say squid with SSL/TLS support, to obfuscate the http traffic leaving your
> > laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that
> > would then with some magic serve you the pages. So that http traffic could
> > not be intercepted on the open WiFi network.
> ...
>
> Before you worry about this too much...
>
> IF you are worried about people packet sniffing your wireless
> connection, you should probably be running some kind of encryption on
> the traffic already, wireless or not. What's the point of encrypting
> from your laptop to the firewall, if it is then sent plain-text to the
> remote end over the common cable that many of your neighbors are also
> attached to.
>
> By this point in time, any communications over the internet which should
> not be sniffed should be encrypted end-to-end.
>
> That was a specific answer to a specific question.
> the above reply is not meant to imply wireless security issues don't
> matter. IF the question is, How do I keep people out of my wireless
> network, or how do I keep them from sniffing internal traffic in my
> network, my answer would be very different...but that wasn't the
> question.
>
> Nick.



kdeinit problems in 3.7-current

2005-07-16 Thread Josh Grosse
OS: 3.7-current as of July 12, with sync-ed kernel, userland, XF4, and ports
App:  kdebase-3.4.1, rebuilt 7/13, after building kernel, userland, XF4.
Platform: i386

This newbie is looking for debugging advice.  I'm not sure exactly where to
look to try to solve this particular software problem.  I'm looking for 
advice as to which FM to RT.  :-)

-
Usually when I'm using firefox 1.0.4, my X environment will crash.
Each time, kdeinit drops a .core file showing:
-
#0  0x099e50d1 in kill () from /usr/lib/libc.so.38.1
-

Immediately afterwards, Xorg would report caught signal 11 -- both on the
startx console, and, in the Xorg.0.log file.  Now, because signal 11s
are so often hardware problems, I ran memtest86 on the hardware.  12 hours of
running memtest86 does not show any obvious memory problems.

My xorg.conf file is automatically generated with xorgcfg.  I added these lines
to get Xorg to drop a .core file as well:
-
Section "ServerFlags"
    Option "NoTrapSignals" "on"
EndSection
-

Kdeinit still drops a core file, but Xorg does not.  But, the console messages
and log messages have changed.  Now, the log does not show any messages at 
failure ... the file is just closed when Xorg stops running.  And the console,
instead of showing signal 11, shows:
-
Gdk-ERROR **: X connection to :0.0 broken (explicit kill 
or server shutdown).
-

I'm not sure whether this is an Xorg issue, a KDE issue, or -- because I'm
running firefox, an X application issue.  Any advice you might have to help
me narrow down the problem further would be appreciated.

   -Josh-



OpenBGPD: filter bogus AS...

2005-07-16 Thread Xavier Beaudouin

Hi there,

I wish to add a filter to avoid that bogus AS that should be reserved  
for private network to be accepted by my router.


The problem is that :

# filter bogus AS
allow from any AS { 64512, 65534 } set nexthop blackhole

Doesn't allow ranges... Is there any better way to handle such setup ?

(Do I need to add all AS ranges by hand ?)

PS: I run openbgpd on OpenBSD 3.6 plus current patches...

Sincerely,
/Xavier



Re: OpenBGPD: filter bogus AS...

2005-07-16 Thread Henning Brauer
* Xavier Beaudouin [EMAIL PROTECTED] [2005-07-16 20:04]:
> I wish to add a filter to avoid that bogus AS that should be reserved
> for private network to be accepted by my router.
>
> The problem is that :
>
> # filter bogus AS
> allow from any AS { 64512, 65534 } set nexthop blackhole
>
> Doesn't allow ranges... Is there any better way to handle such setup ?

no, but adding ranges might be a good idea...

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: To secure WiFi networks

2005-07-16 Thread Rogier Krieger
On 7/16/05, Johan P. Lindström [EMAIL PROTECTED] wrote:
> The scenario I am thinking of is when you run a public WiFi access point at
> let's say a campus with many new visitors from different organisations [...]

If you're dealing with visitors from various organisations, you may
want to investigate using 802.1x with dynamic VLAN assignment and
roaming for users.

Unfortunately, *BSD support for 802.1x - at least to my knowledge - is
not available. Windows (SecureW2) and Linux (Open1x) platforms do
support it. Open1x states it cannot sustain the effort of supporting
*BSD.

On top of that; you'll need some RADIUS infrastructure and 802.1x
capable devices that can do the VLAN assignment. In other words: it
may be rather outside the scope you're thinking of (but it's used on
several campuses, including mine :)

Cheers,

Rogier

-- 
If you don't know where you're going, any road will get you there.



VoIP with asterisk and x-lite

2005-07-16 Thread Kiraly Zoltan
I have an OpenBSD 3.7 gateway. This gateway runs Asterisk
(/usr/ports/telephony/asterisk).


I have two Windows boxes which use the X-Lite softphone, and each box connects
to Asterisk using this softphone (X-Lite).


Asterisk uses the following configuration:

/etc/asterisk/sip.conf

; Phone #1
[Phone1]
type=friend
host=dynamic
defaultip = 192.168.10.12   # windows box IP
context = sip
callerid=Phone1 1

; Phone #2
[Phone2]
type=friend
host=dynamic
defaultip = 192.168.10.5  # second windows box IP
context = sip
callerid=Phone 2

I have the following extension:

/etc/asterisk/extensions.conf

[sip]
exten = 1,1,Dial(SIP/Phone1,20,tr)
exten = 2,1,Dial(SIP/Phone2,20,tr)

One Windows box has phone number 1 and the other Windows box has
phone number 2.


I call phone number 2 from the Windows box with phone number 1 and it works.
But I don't hear my voice on the Windows box with phone number 2. Why?
Any idea to help me?

Thank you very much !



Re: VoIP with asterisk and x-lite

2005-07-16 Thread Stuart Henderson

--On 16 July 2005 23:34 +0300, Kiraly Zoltan wrote:


> I have two windows box which use X-Lite softphone, and each  box
> connect to Asterisk using this softphone (X-Lite).
>
> I call Phone number 2 from Windows box with phone number 1 and work.
> But i don't hear my voice on Windows box with phone number 2 . Why ?
> Any idea to help me ?


I think you have the wrong list, try here -
http://lists.digium.com/mailman/listinfo/asterisk-users

But... since * config is the same on each, and you're using the same 
software on both Windows boxes, look at any differences between them. 
Points especially worth consideration include any NAT or firewalls 
between the endpoints, and any 'personal firewalls' running on the 
Windows boxes.




Dell 2800 Server: PERC4ei (Embedded Integrated) RAID solution?

2005-07-16 Thread Anon Y. Mous
Hi:

  Is the Dell ROMB PERC 4ei RAID controller chipset
supported by OpenBSD 3.7/i386 (or CURRENT)?

  I am considering a Dell PowerEdge 2800 model server
(Dual 64-bit Xeon @ 3.0 GHz EMT64) and would prefer to
choose a RAID option that is fully compliant with
OpenBSD/i386.

  I specifically want to avoid choosing an Adaptec
solution (e.g., Adaptec SCSI Card 39160) if it could
cause problems with the OpenBSD device drivers.

- [EMAIL PROTECTED]



Re: VoIP with asterisk and x-lite

2005-07-16 Thread Pedro la Peu
> I think you have the wrong list, try here -
> http://lists.digium.com/mailman/listinfo/asterisk-users

and here
/usr/local/share/examples/asterisk/openbsd/



LCDPROC

2005-07-16 Thread Steven Bowers
I'm interested in using an LCD on my OBSD box to view a few stats. The
box already runs headless so this would just be a means to check stats
at a glance. Has anyone here used LCDProc or something similar? If so
what comments do you have? As to hardware - serial or USB? Which is
better supported under OBSD 3.7?

Steve



Re: Dell 2800 Server: PERC4ei (Embedded Integrated) RAID solution?

2005-07-16 Thread Marco Peereboom

yes

On Jul 16, 2005, at 6:31 PM, Anon Y. Mous wrote:


> Hi:
>
>   Is the Dell ROMB PERC 4ei RAID controller chipset
> supported by OpenBSD 3.7/i386 (or CURRENT)?
>
>   I am considering a Dell PowerEdge 2800 model server
> (Dual 64-bit Xeon @ 3.0 GHz EMT64) and would prefer to
> choose a RAID option that is fully compliant with
> OpenBSD/i386.
>
>   I specifically want to avoid choosing an Adaptec
> solution (e.g., Adaptec SCSI Card 39160) if it could
> cause problems with the OpenBSD device drivers.
>
> - [EMAIL PROTECTED]




'no link' ethernet and dhcp in -current

2005-07-16 Thread Christian Jones
Hi, all.  I've got a laptop with wi(4) and sis(4) network interfaces. 
While installing 3.6, I could configure them to use dhcp to obtain
their addresses, even if neither was actually connected to a network
(i.e., no wireless in range and no ethernet jack close by).  When I
installed 3.7, I found this was no longer true of the wireless---my
sis0 would note 'no link .. giving up' and write its
hostname.sis0 to use dhcp anyway, but wi0 wouldn't configure;  once
configuration failed, it would keep going back to the "Which one do
you wish to initialize? (or 'done') [wi0]" prompt.

That's all well and good, as it was a minor item to create a
hostname.wi0 file (but who knows what else I was leaving out?) by
hand.  In CURRENT, however (as of 12 July snapshot), the same happens
for sis0 when a dhcp server can't be reached.

I'm all for doing it the right way, but that's why I tell it what
configuration to use during installation---should it really keep
ignoring my answers, even if they seem like they don't work?  Is there
any chance of reverting (or coming close) to the previous behavior? 
Yes, I realize it's a very minor issue, but it would be nice not to
have to write my own network configuration into install.site, and not
to have to be connected to a network to install properly.

Thanks, and thanks in advance for any pointers (as well as for any
take a long walk... messages, of course ;-) )
CDJ
-- 
Christian Jones
[EMAIL PROTECTED]
http://www.aleph0.com/~chjones