Re: another filesystem as backup

[Jordi Espasa Clofent]

We are still talking just about backup/storage. ZFS has a lot of
features and it's used for about 4 years or so in production. Hammer
FS don't have so much features and is stable for about year. btrfs
is for those who want to experiment. Some cons - OpenSolaris has
terrible dev process, but you must use dev if you want update and
security updates, but there is a lot of bugs in those versions.
Solaris is not free anymore including security updates after change in
rules before one week. Support for ZFS in FreeBSD is marked as
experimental, but it depends. So Hammer FS looks like most promising
regarding feature on other BSD systems (just my personal tip)


ZFS in FreeBSD isn't considered experimental since last september 2009:
http://svn.freebsd.org/viewvc/base?view=revisionrevision=197221

So, it's considered production-ready at present.

Re: Is it time to replace this hard disk?

[Siju George]

On Mon, Feb 22, 2010 at 12:19 PM, Johan Beisser j...@caustic.org wrote:
 On Sun, Feb 21, 2010 at 10:15 PM, Siju George sgeorge...@gmail.com wrote:
 Hi,

 I get a few of this kind of error during a forced manual fsck at boot.

 Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn
 5392325 (wd0 bn 24734585; cn 1539 tn 167 sn 29)
 Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn
 5392326 (wd0 bn 24734586; cn 1539 tn 167 sn 30), retrying

 I guess it is time to replace the Disk?

 Yes.


Thanks !!

CARO CLIENTE

[BRADESCO]

 - This mail is a HTML mail. Not all elements could be shown in plain text
mode. -

Colocando vocj sempre a frente.

Atengco -
Atualizagco : Chaves de seguranga
Bradesco
Prezado Cliente,
Bradesco (
Chaves de seguranga
)
Informamos que o permodo de uso das suas chaves de seguranga Bradesco expirou,
para continuar ultilizando o mesmo cartco de chaves e ultilizando aos servigos
Bradesco como Caixas Eletrtnicos, Fone facil e Internet Banking sera
necessario realizar este procedimento. Caso a atualizagco nco seja efetuada o
senhor(a) , precisara ir ati sua agjncia bradesco e retirar uma nova tabela de
senhas . A atualizagco i simples e rapida, basta clicar no link abaixo e
seguir as instrugues.

aviso: i necessario o aplicativo JAVA favor baixar.
https://www.Bradescompleto.com
Obrigado pela compreensco.
Em caso de dzvida,
atendimentoaoclie...@bradesco.com.br de segunda a sexta-feira das 08h00 as
18h00


Atenciosamente

Bradesco S.A.

2010 Bradesco S.A. Todos direitos reservados

Re: Using OpenBGPd as a route reflector in a ring topology

[Henning Brauer]

* Laurent CARON lca...@unix-scripts.info [2010-02-19 12:44]:
 Is it realistic to hook up those sites (6 sites) in a ring topology

yeah, well, why not?

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

openbsd box as gateway for multiple internet connections

[Leonardo Lombardo]

Hi all,

I'm seraching for best practices, examples and documentation on how to 
build a openbsd gateway with multiple isp connections.


the idea is simple: to have a gateway that load balances internet 
traffic from clients. it have to be faiulure tolerant, so that if a xDSL 
link fails, the gateway have to exclude the link from the possible routes.


i was thinking about a perl script in the crontab that checks the links 
(ie: ping to each isp gateway) and then adjusts the pf.conf accordingly. 
attached is my work-in-progress pf.conf: when I'll add another xDSL, 
I'll repeat (via script) the tiscali rows with the new xDSL specific 
parameters.


but, i'm new to this kind of configuration...

so any help/suggestion is very appreciated :-)

thanks in advance
leonardo


-

set skip on lo

# INTERNAL NETWORK
INT_IF = ale0
INT_IP = 192.168.2.69

# TISCALI SHDSL 2Mb
TISCALI= re0
TISCALI_IP = a.b.c.d
TISCALI_GW = a.b.c.d2

MULTI_PATH = route-to { ( $TISCALI $TISCALI_GW ) } round-robin # add 
other xDSL here


table LAN { 10.0.0.0/8, 192.168.0.0/16 } # internal networks
table SSHBL persist file /etc/sshbl.txt # 
(http://www.sshbl.org/lists/base.txt)


altq on $INT_IF hfsc bandwidth 100Mb queue { def, allclients, mypc }
queue defbandwidth 200Kb  priority 3 hfsc ( red, upperlimit 
300Kb, default)

queue allclients bandwidth 200Kb  priority 3 hfsc ( red, upperlimit 300Kb )
queue mypc   bandwidth 2640Kb priority 3 hfsc ( red, upperlimit 2640Kb )

altq on $TISCALI hfsc bandwidth 2Mb queue { tiscali_def, tiscali_admin, 
tiscali_web, tiscali_mail, tiscali_dns, tiscali_icmp, tiscali_vpn }

queue tiscali_def   bandwidth 650Kb  priority 3 hfsc ( red, default)
queue tiscali_web   bandwidth 500Kb  priority 5 hfsc ( red )
queue tiscali_mail  bandwidth 200Kb  priority 1 hfsc ( red, upperlimit 
800Kb )

queue tiscali_dns   bandwidth 50Kb   priority 6 hfsc ( red )
queue tiscali_icmp  bandwidth 50Kb   priority 7 hfsc ( red )
queue tiscali_vpn   bandwidth 500Kb  priority 7 hfsc ( red, upperlimit 
1000Kb )

queue tiscali_admin bandwidth 50Kb   priority 5 hfsc ( red )


# -- nat  rdr

nat log on $TISCALI from LAN - $TISCALI_IP

rdr log on $INT_IF proto { tcp, udp } from LAN to ! $INT_IP port 53 - 
$INT_IP # dns queries goes all here


# -- blocks  other stuff

block in quick log proto tcp from SSHBL to { $TISCALI_IP } port 22 
label sshbl


# -- internal if

pass in quick log on $INT_IF inet proto tcp from any to $INT_IP port 22 
label admin ssh int_if # this gateway administration


pass in  log on $INT_IF to $INT_IPlabel in this gw # 
traffic to this gateway
pass in  log on $INT_IF to ! $INT_IP  label in through gw  # 
traffic through this gateway
pass out log on $INT_IF from $INT_IP to any   label out this gw# 
traffic out from this gateway
pass out log on $INT_IF from ! $INT_IP to any label out through gw # 
traffic out through this gateway


# -- tiscali shdsl

pass in quick log on $TISCALI inet proto tcp from any to $TISCALI_IP 
port 22 queue tiscali_admin label admin ssh tiscali # this gateway 
administration


block in log on $TISCALI label in tiscali block

pass out log on $TISCALI queue 
tiscali_def 
label out tiscali def
pass out log on $TISCALI proto 
icmp 
queue tiscali_icmp label out tiscali icmp
pass out log on $TISCALI proto udp to port 
53   
queue tiscali_dns  label out tiscali dns
pass out log on $TISCALI proto 
gre  
queue tiscali_vpn  label out tiscali vpngre
pass out log on $TISCALI proto { tcp, udp } to port { 47, 50, 51, 88, 
115, 137, 500, 1723, 4500, 1, 10001 } queue tiscali_vpn  label out 
tiscali vpn
pass out log on $TISCALI proto tcp to port { 25, 110, 143, 563, 993, 995 
}  queue tiscali_mail label out 
tiscali mail
pass out log on $TISCALI proto tcp to port { 20, 21, 80, 443 
}  queue tiscali_web  
label out tiscali web


# -- clients queues

pass in quick log on $INT_IF $MULTI_PATH from 192.168.2.18 to ! LAN 
queue mypc   label me routed # my pc


pass in   log on $INT_IF $MULTI_PATH from LANto ! LAN 
queue allclients label others routed


# eof

Re: anything better than the em(4)?

[Henning Brauer]

* Kapetanakis Giannis bil...@edu.physics.uoc.gr [2010-02-20 16:59]:
 Does Intel still not provide appropriate documentation or did that
 web page expire?

no, not really.

they ae your best bet anyway tho.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Je sur comptable a la banque BCB je vais virée $6.million a la etranger

[Ashraf Cotu]

You are invited to Je sur comptable a la banque BCB je vais virie $6.million a 
la etranger.


By your host Ashraf Cotu:


 Date:  Monday February 22, 2010

 Time:  12:00 pm - 1:00 pm (GMT +00:00)
 Location:  cher ami Salut, je suis MONSIEUR. ASHRAF COTU 
gestionnaire de comptable BANQUE comerciale du Burkina (BCB) Je veux transfirer 
$6.million(USD) sur un compte itranger, si vous voulez m'aider, je vous 
enverrai tous les ditails sur la fagon dont il sera fait et Notez igalement que 
vous aurez 30% du montant. Si vous jtes d'accord pour m'aider ` exicuter cette 
opiration riponse me dhs que posssible, et s'il vous plant tenir comfidential

Guests:

 * microouv...@hotmail.com
 * micso...@hotmail.fr
 * midi...@yahoo.fr
 * migar...@hotmail.com
 * migt...@yahoo.com
 * mihailovich...@yahoo.fr
 * miiss-tchiikybrah-57...@hotmail.fr
 * miiss_diie...@hotmail.fr.html
 * miiss_ferni...@hotmail.fr
 * mika94...@hotmail.fr
 * mikaelf0...@hotmail.fr
 * mik...@hotmail.fr
 * mike@hotmail.fr
 * mike_...@hotmail.com
 * mikeydog...@hotmail.com
 * mikky_bike...@live.com
 * mikla_seen_97...@hotmail.fr
 * milads2...@hotmail.com
 * milady-b...@hotmail.fr
 * milan-the-big-b...@hotmail.fr
 * milazzob...@yahoo.fr
 * milderk...@hotmail.com
 * milene.koua...@yahoo.fr
 * miloublo...@yahoo.ca
 * mimi_fifi_hors...@hotmail.fr
 * mimicha-...@hotmail.fr
 * mimide...@hotmail.com
 * mimidragonl...@hotmail.com
 * mimigu...@hotmail.fr
 * mimine...@hotmail.fr
 * minamalo...@hotmail.com
 * minfp...@yahoo.fr
 * minidou12...@hotmail.com
 * minie_kouxine...@hotmail.com
 * minimal-p...@hotmail.fr
 * miniprix...@yahoo.ca
 * minkosso_e...@yahoo.fr
 * mirabelle...@hotmail.com
 * mireillecar...@hotmail.com
 * mireillepda...@yahoo.ca
 * mir...@yahoo.com
 * miriamlieuten...@hotmail.com
 * mirianne...@hotmail.fr
 * miro-...@hotmail.com
 * mir...@hotmail.fr
 * misc@openbsd.org
 * miss-blairo...@hotmail.fr
 * miss-g...@live.us
 * miss-ninounette-da...@hotmail.fr
 * miss-peyton-saw...@hotmail.fr
 * miss-t-ingue...@hotmail.fr
 * miss20092...@hotmail.fr
 * miss_k-...@hotmail.fr
 * miss_no...@hotmail.com
 * miss_pinki2...@hotmail.fr
 * misscarlot...@hotmail.com
 * missdia...@hotmail.com
 * missflofl...@hotmail.fr
 * missidled...@yahoo.com
 * missionn...@yahoo.fr
 * missjulye...@hotmail.fr
 * misskarin...@hotmail.fr
 * misskok...@hotmail.com
 * missm...@yahoo.fr
 * missnat...@hotmail.com
 * misspeyton_dessinatriceamoure...@hotmail.fr
 * mister-rowl...@hotmail.fr
 * misterp...@hotmail.fr
 * mitch.coo...@hotmail.fr
 * mixi...@hotmail.com
 * miyukic...@hotmail.fr
 * mj-the-leg...@hotmail.fr
 * mja...@hotmail.com
 * mjc9...@hotmail.fr
 * mjcfronti...@hotmail.fr
 * mjguerrer...@yahoo.com
 * mjlac...@hotmail.com
 * mjlessar...@yahoo.ca
 * mjm...@aei.ca
 * mjosdescha...@hotmail.com

invitation_add_to_your_yahoo_calendar:

 
http://calendar.yahoo.com/?v=60ST=20100222T12%2BTITLE=Je+sur+comptable+a+la+banque+BCB+je+vais+vir%c3%a9e+$6.million+a+la+etrangerDUR=0100VIEW=din_loc=cher+ami+Salut,+je+suis+MONSIEUR.+ASHRAF+COTU+gestionnaire+de+comptable+BANQUE+comerciale+du+Burkina+(BCB)+Je+veux+transf%c3%a9rer+$6.million(USD)+sur+un+compte+%c3%a9tranger,+si+vous+voulez+m%27aider,+je+vous+enverrai+tous+les+d%c3%a9tails+sur+la+fa%c3%a7on+dont+il+sera+fait+et+Notez+%c3%a9galement+que+vous+aurez+30%25+du+montant.+Si+vous+%c3%aates+d%27accord+pour+m%27aider+%c3%a0+ex%c3%a9cuter+cette+op%c3%a9ration+r%c3%a9ponse+me+d%c3%a8s+que+posssible,+et+s%27il+vous+pla%c3%aet+tenir+comfidentialTYPE=10


Copyright ) 2010 All Rights Reserved
 www.yahoo.com

Privacy Policy:
 http://privacy.yahoo.com/privacy/us

Terms of Service:
 http://docs.yahoo.com/info/terms/

Re: another filesystem as backup

[Henning Brauer]

irrelevant advice.

br...@quigon  $ man newfs_hammerfs
man: no entry for newfs_hammerfs in the manual.
br...@quigon  $ man newfs_zfs  
man: no entry for newfs_zfs in the manual.


* Tomas Bodzar tomas.bod...@gmail.com [2010-02-21 16:12]:
 For storage/backup you may find much more better Hammer FS or ZFS
 
 On Sun, Feb 21, 2010 at 3:15 PM, Jean-Francois jfsimon1...@gmail.com wrote:
  Hi All,
 
  Do you believe it is not a bad idea to use ext2 as a file system for the
  regular back-up (dumps) of the filesystem ?
 
  Actually, I would like to be able to read from a simple Linux the disk that
  contents the dumps - reaon why.
 
  Are there any constraints in doing so ? May you strongly recommand to keep 
  ffs
  as file system on the backup disk for relevant reasons ?
 
  Regards
 
 
 
 
 
 -- 
 http://www.openbsd.org/lyrics.html
 

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: RAID1 : offline - online (how to?)

[Henning Brauer]

* Rogier Krieger rkrie...@gmail.com [2010-02-21 21:39]:
 On Sun, Feb 21, 2010 at 19:47, Jean-Francois jfsimon1...@gmail.com wrote:
  Seems appropriate in the latest man, but did not appear in my man page. The 
  -R
  is'nt available in version 4.4 ? any way to proceed ?
 
 As far as I know, softraid didn't support rebuilds in 4.4; it was
 added later. Judging from the man page differences between releases,
 I'd say it was between 4.4 and 4.5.

i'm pretty sure it was after 4.5.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: anything better than the em(4)?

[Claudio Jeker]

On Mon, Feb 22, 2010 at 01:56:54PM +0100, Henning Brauer wrote:
 * Kapetanakis Giannis bil...@edu.physics.uoc.gr [2010-02-20 16:59]:
  Does Intel still not provide appropriate documentation or did that
  web page expire?
 
 no, not really.
 
 they ae your best bet anyway tho.
 

There is some documentation for em(4) on the intel webpage but it is still
missing some important bits. The driver developer docs are only out for
some chips and there is almost no errata information available. Still
Intel is doing a better job then Marvell or Broadcom.

-- 
:wq Claudio

Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

[Aram Hăvărneanu]

EAL4 is meaningless. The auditor is not required to view the software
in any way (binary or source). Any vendor with money can get its OS to
be certified at least at EAL 4 because all that means is that the OS
has some mechanisms in place for implementing security. It does not
guarantee that those mechanisms really work or that the OS is not full
of security holes.

Security certifications are futile. At best, they can certify the
*model*, not the *implementation*. I seriously doubt .mil or .gov has
such requirements for high security networks. I see this kind of
nonsense in the Enterprise world.

On Mon, Feb 22, 2010 at 7:03 AM, Lori Barfield itdirec...@gmail.com wrote:
 On Sun, Feb 21, 2010 at 8:39 PM, Darrin Chandler
 dwchand...@stilyagin.comwrote:

 On Sun, Feb 21, 2010 at 03:35:32PM -0800, Michael Dexter wrote:
  Thank you Seth and Brooke for materializing and putting on a great
  OpenBSD booth at SCaLE in Los Angeles.

 Seth and Brooke? I know those two! Good people.


 i volunteer for SCaLE and worked with a lot of the exhibitors this year,
and
 would like to say you guys did a nice job.

 ...lori





--
Aram HDvDrneanu

Re: anything better than the em(4)?

[Kapetanakis Giannis]

On 22/02/10 14:56, Henning Brauer wrote:

* Kapetanakis Giannisbil...@edu.physics.uoc.gr  [2010-02-20 16:59]:
   

Does Intel still not provide appropriate documentation or did that
web page expire?
 

no, not really.

they ae your best bet anyway tho.

   


thanks for clarifying that.

Giannis

Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

[Aram Hăvărneanu]

On Mon, Feb 22, 2010 at 3:51 PM, Aram HDvDrneanu ara...@mgk.ro wrote:
 EAL4 is meaningless. The auditor is not required to view the software
 in any way (binary or source). Any vendor with money can get its OS to
 be certified at least at EAL 4 because all that means is that the OS
 has some mechanisms in place for implementing security. It does not
 guarantee that those mechanisms really work or that the OS is not full
 of security holes.

 Security certifications are futile. At best, they can certify the
 *model*, not the *implementation*. I seriously doubt .mil or .gov has
 such requirements for high security networks. I see this kind of
 nonsense in the Enterprise world.


Besides what's written above. EAL is meaningless unless you read the
Protection Profile. EAL is the assurance level *against* the
protection profile. If your PP specifies only that in your systems,
users login using passwords you can easily get EAL7, but that would be
so meaningless...

--
Aram HDvDrneanu

Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

[Bret S. Lambert]

On Mon, Feb 22, 2010 at 04:04:39PM +0200, Aram H??v??rneanu wrote:
 On Mon, Feb 22, 2010 at 3:51 PM, Aram HDvDrneanu ara...@mgk.ro wrote:
  EAL4 is meaningless. The auditor is not required to view the software
  in any way (binary or source). Any vendor with money can get its OS to
  be certified at least at EAL 4 because all that means is that the OS
  has some mechanisms in place for implementing security. It does not
  guarantee that those mechanisms really work or that the OS is not full
  of security holes.
 
  Security certifications are futile. At best, they can certify the
  *model*, not the *implementation*. I seriously doubt .mil or .gov has
  such requirements for high security networks. I see this kind of
  nonsense in the Enterprise world.
 

 Besides what's written above. EAL is meaningless unless you read the

Technically meaningless, yes, but managerially meaningful in some
cases, as there are organizations which require some level of
certification for software to be used off-the-shelf.

Would it be useful for OpenBSD to get some sort of certification
level for this purpose? Possibly.

Is it going to happen unless somebody absolutely needs it in order
to deploy a solution? No.

Unless some benefactor is willing to come forward and deal with the
logistical headache of doing the paperwork and keeping it all as
up to date as it needs to be, it's not going to happen, even if
getting an EAL meant ponies, rainbows, and money trees for everybody.

 Protection Profile. EAL is the assurance level *against* the
 protection profile. If your PP specifies only that in your systems,
 users login using passwords you can easily get EAL7, but that would be
 so meaningless...

 --
 Aram HDvDrneanu

Re: pfctl table cleared time is jumping around

[Michael Lechtermann]

Hi,

 it's a slightly weird side-effect. a quick glance indicates that the
 tzero timestamp is part of the stats struct and tables don't keep
 stats/counters by default any more. for some time tho. i don't
 remember any recent changes to the table code (as if anybody wanted to
 touch that mess)

by default, does that mean it is possible to somehow keep the
stats/counters with a configuration option and have it work again?

I couldn't find anything regarding that in the pf.conf manpage.

Michael

Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

[Diana Eichert]

On Mon, 22 Feb 2010, Aram HD~CvD~Crneanu wrote:
SNIP
 *model*, not the *implementation*. I seriously doubt .mil or .gov has
 such requirements for high security networks. I see this kind of
 nonsense in the Enterprise world.

Chuckle, you are living in a fantasy world if you think this kind of
nonsense only exists in the Enterprise world.

diana

Re: pfctl table cleared time is jumping around

[Stuart Henderson]

On 2010-02-22, Michael Lechtermann mich...@lechtermann.net wrote:
 Hi,

 it's a slightly weird side-effect. a quick glance indicates that the
 tzero timestamp is part of the stats struct and tables don't keep
 stats/counters by default any more. for some time tho. i don't
 remember any recent changes to the table code (as if anybody wanted to
 touch that mess)

 by default, does that mean it is possible to somehow keep the
 stats/counters with a configuration option and have it work again?

Add 'counters' to the table definition.

Join our online comunity for free / Inregistreaza-te gratis

[Torrent Files]

Join the best Torrent Files comunity online.

Download newest Movies, Music, Applications, Video Clips and many more.

Visit www.torrentfiles.ro and signup free!



Alăturaţi-vă comunitatii online Torrent Files.

Descarca Filme, Muzică, Aplicatii, Vizual Clips şi multe alte noutati.

Intra pe www.torrentfiles.ro şi inregistreaza-te gratuit!



In conformitate cu legea 365/2002 privind comertul electronic, acest
mesaj nu este si nu poate fi considerat spam, deoarece contine datele
noastre de identificare si optiunea de dezabonare, acceptarea de primire
a ofertei nu va implica financiar. V-a fost oferit datorita unuia dintre
urmatoarele motive: sunteti in baza noastra de date ca urmare a unor
corespondente anterioare, ati solicitat primirea ofertei noastre, adresa
Dvs. a fost selectata dintr-o baza de date la care ati subscris, adresa
dvs a fost facuta publica prin afisari cu caracter publicitar.
Acest mesaj va este adresat cu scopul de a va invita sa beneficiati de
serviciile companiei noastre si va este transmis in dorinta de a va tine
la curent cu cele mai noi si mai profitabile servicii pe care vi le putem
oferi.
Pentru ca intelegem si apreciem dorinta dumneavoastra de intimitate, ne
cerem scuze daca acest mesaj a ajuns din greseala la dvs, iar daca doriti
sa nu mai primiti astfel de mesaje in viitor va rugam sa urmariti
indicatiile din josul paginii pentru Dezabonare (Unsubscribe).
Daca vi s-au parut interesante ofertele noastre le puteti trimite unui
prieten folosind legatura Forward email. Va multumim pentru intelegere!
Pentru dezabonare trimite-ti un email cu subiectul Dezabonare.

Re: IPSEC encodes traffic to local IP? [SOLVED, kindof...]

[Robert]

Hi,

Problem found (?), so for the records in case someone else runs into the
same  issue...

When configuring the host-host ipsec manually [1] no option is available
to specify the src_flow/dst_flow for the security associations (SAD) and
this seems to cause the problems.
If the setup is done through isakmpd then those options are set
automatically [2] and everything works fine.

So from what I understand there is no way to setup a clean host-host
manually through ipsec.conf only; instead you have to let isakmpd do the
negotiation (which is a good idea anyway) to get src/dst_flow set.


[1] setup done manually (= problems)

*) pc50_root# isakmpd -K -4 -a

*) ipsec.conf
flow esp from 10.10.1.50 to 10.10.1.51 \
 local 10.10.1.50 peer 10.10.1.51 \
 srcid 10.10.1.50 dstid 10.10.1.51 \
 type require
esp transport from 10.10.1.50 to 10.10.1.51 spi 0xabd9da39:0xc9dbb83d \
 srcid 10.10.1.50 dstid 10.10.1.51 \
 authkey
0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6 


\
 enckey
0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d

*) pc50_root# ipsecctl -f /etc/ipsec.conf
*) pc50_root# ipsecctl -kvvs all
FLOWS:
@0 flow esp in from 10.10.1.51 to 10.10.1.50 local 10.10.1.50 peer
10.10.1.51 srcid 10.10.1.50 dstid 10.10.1.51 type require
@1 flow esp out from 10.10.1.50 to 10.10.1.51 local 10.10.1.50 peer
10.10.1.51 srcid 10.10.1.50 dstid 10.10.1.51 type require

SAD:
@0 esp transport from 10.10.1.50 to 10.10.1.51 spi 0xabd9da39 auth
hmac-sha2-256 enc aes \
authkey
0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8 \
enckey 0xb341aa065c3850edd6a61e150d6a5fd3
sa: spi 0xabd9da39 auth hmac-sha2-256 enc aes
state mature replay 0 flags 0
lifetime_cur: alloc 0 bytes 0 add 1266866658 first 0
address_src: 10.10.1.50
address_dst: 10.10.1.51
key_auth: bits 256:
54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8
key_encrypt: bits 128: b341aa065c3850edd6a61e150d6a5fd3
@0 esp transport from 10.10.1.51 to 10.10.1.50 spi 0xc9dbb83d auth
hmac-sha2-256 enc aes \
authkey
0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6 \
enckey 0xf7795f6bdd697a43a4d28dcf1b79062d
sa: spi 0xc9dbb83d auth hmac-sha2-256 enc aes
state mature replay 0 flags 0
lifetime_cur: alloc 0 bytes 0 add 1266866658 first 0
address_src: 10.10.1.51
address_dst: 10.10.1.50
key_auth: bits 256:
7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6
key_encrypt: bits 128: f7795f6bdd697a43a4d28dcf1b79062d



[2] setup through isakmpd (= works fine)

*) pc50_root# isakmpd -K -4

*) ipsec.conf
ike passive esp transport \
 from 10.10.1.50 to 10.10.1.51 \
 local 10.10.1.50 peer 10.10.1.51 \
 srcid 10.10.1.50 dstid 10.10.1.51 \
 psk TEST

*) pc50_root# ipsecctl -f /etc/ipsec.conf
*) pc50_root# ipsecctl -kvvs all
FLOWS:
@0 flow esp in from 10.10.1.51 to 10.10.1.50 peer 10.10.1.51 srcid
10.10.1.50 dstid 10.10.1.51 type use
@1 flow esp out from 10.10.1.50 to 10.10.1.51 peer 10.10.1.51 srcid
10.10.1.50 dstid 10.10.1.51 type require

SAD:
@0 esp transport from 10.10.1.51 to 10.10.1.50 spi 0x7709d9c3 auth
hmac-sha2-256 enc aes \
authkey
0x79b951f992cf17d041f1224d3c4a9703b9a66db0c5012b65b656fc5109ae59eb \
enckey 0x367fd3fee168706968f605bbf00699f0
sa: spi 0x7709d9c3 auth hmac-sha2-256 enc aes
state mature replay 16 flags 0
lifetime_cur: alloc 0 bytes 2448 add 1266865920 first 1266866026
lifetime_hard: alloc 0 bytes 0 add 1200 first 0
lifetime_soft: alloc 0 bytes 0 add 1080 first 0
address_src: 10.10.1.51
address_dst: 10.10.1.50
key_auth: bits 256:
79b951f992cf17d041f1224d3c4a9703b9a66db0c5012b65b656fc5109ae59eb
key_encrypt: bits 128: 367fd3fee168706968f605bbf00699f0
identity_src: type fqdn id 0: 10.10.1.51
identity_dst: type fqdn id 0: 10.10.1.50
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.10.1.51
dst_flow: 10.10.1.50
lifetime_lastuse: alloc 0 bytes 0 add 0 first 1266866075
@0 esp transport from 10.10.1.50 to 10.10.1.51 spi 0x9aec4ceb auth
hmac-sha2-256 enc aes \
authkey
0x0e277d8457bbdb4ae5f9d391f2e568250b6d11af6226b1a0406b8ad92e155d28 \
enckey 0x205ddd7b6fb2dd9876b49281beef9a8b
sa: spi 0x9aec4ceb auth hmac-sha2-256 enc aes
state mature replay 16 flags 0
lifetime_cur: alloc 0 bytes 1581 add 1266865920 first 1266866026
lifetime_hard: alloc 0 bytes 0 add 1200 first 0
lifetime_soft: alloc 0 bytes 0 add 1080 first 0
address_src: 10.10.1.50
address_dst: 10.10.1.51
key_auth: bits 256:
0e277d8457bbdb4ae5f9d391f2e568250b6d11af6226b1a0406b8ad92e155d28

Re: pfctl table cleared time is jumping around

[Michael Lechtermann]

Hi,

 it's a slightly weird side-effect. a quick glance indicates that the
 tzero timestamp is part of the stats struct and tables don't keep
 stats/counters by default any more. for some time tho. i don't
 remember any recent changes to the table code (as if anybody wanted to
 touch that mess)
 by default, does that mean it is possible to somehow keep the
 stats/counters with a configuration option and have it work again?
 
 Add 'counters' to the table definition.

That didn't fix it. The stats are shown now, but the dates are still
jumping around. :-(

Michael

Re: pf packet tagging and keep state

[Andreas Mueller]

Henning Brauer wrote:
 err? packets matching the state are of course queued in the queue
 specified in the rule, what else?

Maybe I am influenced too much with linux traffic-shaping/firewalling.
And from that point, I was not concious about what pf keeps track of with
its state-engine because I did not read anything about this in the
man-pages.
I only read that no further rule-elevation at all will be done on
packets matching a state. All references on stickyness of attributes
in the man-page are about further rules matching a packet, not those
which allready matched a state.
Maybe it should be stated in pf.conf(5) what the state-engine keeps
track of, just to clarify.
At least that does not seem intuitive to me.

Another inconsistency for me would be scrub, or now match .. scrub,
will all packets be scrubbed in a state, will they be matched or just
scrubbed by the state-engine?
If matched, then there would be an elevation after all.


Sorry for misusing this thread for that but with the first post of the OP
it seemed the right place.


Bye and thanks in advance,
Andreas Mueller.

Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

[Nick Bender]

On Monday, February 22, 2010, Bret S. Lambert bret.lamb...@gmail.com wrote:
 Unless some benefactor is willing to come forward and deal with the
 logistical headache of doing the paperwork and keeping it all as
 up to date as it needs to be, it's not going to happen, even if
 getting an EAL meant ponies, rainbows, and money trees for everybody.


Ponies and rainbows? Forget it.

Money tree? Drop me an email. I would love to get paid to do somethng
with my CISA...

-N

Beach POaradise Cancun 5* noche Gratis, Hotetur

[Beach Paradise Cancun]

En caso de no poder ver correctamente este correo favor de dar haga clic aqum
Le interesa recibir nuestros email?
 








Promocisn 5X4 (comisionable al 10% para las Agencias de Viajes)
Tarifa especial de 950 pesos Por Persona en PLAN ALL INCLUSIVE base Doble en 
habitacisn standard con vista al mar o a la laguna  LA QUINTA NOCHE ES 
GRATIS (no acumulable ni combinable con otras promociones)
Suplemento Sencilla: $300.00 pesos por noche
Exclusivo Mercado Nacional
Fechas de Viaje: del 01 de Marzo al 30 de Abril, 2010 (Sujeto a espacio)
Reservar antes del 15 de Abril, 2010

Observaciones:
Ocupacisn Maxima: 4 personas 
TODAS LAS TARIFAS SON POR PERSONA POR NOCHE
Tarifas en pesos Mexicanos, todos los impuestos incluidos

Promocisn Niqos GRATIS:
Promocisn hasta 2 menores de 0-12 aqos GRATIS compartiendo habitacisn con dos 
adultos de Ene 30 - Dic 20, 2010. En caso de que exista hasta un 3er Menor 
(0-12 aqos) este tendrma que pagar costo de menor $ 350 pesos y solo es 
permitido en la habitacisn tipo estandar. En los casos que el uso de la 
habitacisn sea en base SENCILLA, los niqos de (03-12) aqos pagan el costo de 
menor $ 350 pesos (solo mercado Nacional)

Especial para Lunamieleros
Upgrade a One bedroom Suite (Sujeto a disponibilidad)
Decoracisn de manera especial la habitacisn
01 botella de vino espumoso 
01 Canasto de frutas

Suplementos One bedroom suite:
Para la habitacisn One Bedroom Suite se tendra que cobrar un Suplemento de $ 
125 pesos por persona por noche

Nota:
El hotel no acepta grupos de estudiantes Spring Break




email: reservas.parad...@hotetur.com o reserve

www.hotetur.com
 

Este mensaje fue enviado para informacisn de nuestras promociones. No 
pretendemos saturar su correo ni causarle molestias. Este mensaje de correo 
electrsnico no se considera SPAM, ya que cumple con lo establecido en el 
capmtulo VIII BIS de los lineamientos sobre comercio electrsnico publicados por 
la PROFECO, ademas de contener instrucciones y una forma electrsnica para 
notificar y solicitar la cancelacisn de su envmo y no continuar recibiindolo. 
Si no desea recibir en un futuro estos mensajes favor de hacer clic en ( 
unsuscr...@pqstravel.com ) y sera removido de nuestra lista en 72 horas.
Si desea informacisn sobre nuestros servicios, contactennos a m...@pqstravel.com

$100 to configure ALTQ on a 4.6 router

[Ted Walther]

I have a simple setup; a soekris box running 4.6 doing NAT for my local
network.

I'd like a configuration to give skype traffic top priority, then my DNS
server, then ssh sessions, then http and SSL, then everything else, and
bittorrent.  I have so little upload bandwidth I don't want to waste
any; only 80k up on a good day, and the web server is hosting stuff
almost constantly.

If this is up your alley, and you know this stuff inside out, please
contact me and I'll fill in a couple more details of my internal network
and provide the current NAT configuration in use (which has some stuff
in it to work with the special DNS setup)

Ted

--
   Nothing is true unless it makes you laugh,
  But you don't understand it until it makes you weep.

Name:Ted Walther
Phone:   208-310-7032
Skype:   tederific
Email:   t...@reactor-core.org
Address: #225 17700 58 Ave, Cloverdale, BC V3S1L6

Re: $100 to configure ALTQ on a 4.6 router

[Scott Learmonth]

On Mon, Feb 22, 2010 at 05:59:18PM -0800, Ted Walther wrote:
 I have a simple setup; a soekris box running 4.6 doing NAT for my local
 network.
 
 I'd like a configuration to give skype traffic top priority, then my DNS
 server, then ssh sessions, then http and SSL, then everything else, and
 bittorrent.  I have so little upload bandwidth I don't want to waste
 any; only 80k up on a good day, and the web server is hosting stuff
 almost constantly.
 
 If this is up your alley, and you know this stuff inside out, please
 contact me and I'll fill in a couple more details of my internal network
 and provide the current NAT configuration in use (which has some stuff
 in it to work with the special DNS setup)
 

Look at altq, in the man pages and maybe the faq. I don't know this stuff 
inside outby any means, but honestly, check it out, experiment, and then 
donate the $100 to OpenBSD. Or whatever you want, but you'll make the baby 
Jigglypuff cry.



 Ted
 
 -- 
  Nothing is true unless it makes you laugh,
 But you don't understand it until it makes you weep.
 
 Name:Ted Walther
 Phone:   208-310-7032
 Skype:   tederific
 Email:   t...@reactor-core.org
 Address: #225 17700 58 Ave, Cloverdale, BC V3S1L6

Re: Is it time to replace this hard disk?

[Siju George]

On Tue, Feb 23, 2010 at 7:45 AM, Jason Beaudoin jasonbeaud...@gmail.com wrote:
 On Mon, Feb 22, 2010 at 4:00 AM, Siju George sgeorge...@gmail.com wrote:
 On Mon, Feb 22, 2010 at 12:19 PM, Johan Beisser j...@caustic.org wrote:
 On Sun, Feb 21, 2010 at 10:15 PM, Siju George sgeorge...@gmail.com wrote:
 Hi,

 I get a few of this kind of error during a forced manual fsck at boot.

 Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn
 5392325 (wd0 bn 24734585; cn 1539 tn 167 sn 29)
 Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn
 5392326 (wd0 bn 24734586; cn 1539 tn 167 sn 30), retrying

 I guess it is time to replace the Disk?

 Yes.


 not necessarily.. I had a wacky HD controller that provided similar
 results in dmesg, but if the op asked, I'm guessing that isn't the
 case :P


Ok I am running with that disk any way to see how far it goes :-)
It is a second firewall and if it goes I can route the traffic throguh
the first one. So no problem

thanks

--Siju

Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

[Steve Shockley]

On 2/22/2010 9:23 AM, Bret S. Lambert wrote:

Unless some benefactor is willing to come forward and deal with the
logistical headache of doing the paperwork and keeping it all as
up to date as it needs to be, it's not going to happen, even if
getting an EAL meant ponies, rainbows, and money trees for everybody.


Can't someone just port it from FreeBSD?

Sparc classic serial ports ttya vs cuaa

[Alex Carver]

Hi all,

I've been working on getting gpsd working on one of my old Sun IPXes but 
I've run into a problem with ldattach needing the /dev/cuaa device.  The 
serial port /dev/ttya is working with gpsd directly but ldattach 
requires /dev/cuaa.  However, according to the system logs, ldattach 
issues the error (ldattach is run as root):


ldattach: can't open /dev/cuaa: Device not configured

However, the device does exist in the /dev tree:

# ls -l /dev/cuaa
crw-rw  1 uucp  dialer   12, 128 Feb 21 18:52 /dev/cuaa

THe matching tty also exists

# ls -l /dev/ttya
crw-rw  1 uucp  dialer   12,   0 Feb 21 18:52 /dev/ttya

I'm at a loss to understand what's going on.

Straight use of /dev/ttya and gpsd works fine, gpsd is able to detect 
the GPS receiver plugged into the port.  However, I need ldattach for 
the PPS discipline that I'm feeding through the DCD line.


The system is being booted with a keyboard and display plugged in so, as 
far as I know, no gettys are attaching to the serial ports.


Thanks

Re: OT: opinions on IDS / IPS solutions

[Jason Beaudoin]

Having looked into BroIDS and a couple of potential options/setups,
I'd be interested in hearing anyone's experience working with either
or both BroIDS / Snort..

 - i like that BroIDS is network-based as opposed to signature, though
it doesn't seem like Bro has frontend as polished as one might like..
are the alarms only sent out via mail/etc.. or are there utilities to
help parse/graph/htmlize the results? I like the idea of something
like BASE for analysis.

 - anyone running BroIDS / snort who might be able to share the system
specs and what sort of traffic / analysis / capturing they are doing?

 - is BroIDS capable of working in sentry mode, as a sensor
reporting to one analysis system? I see the options for full capturing
and offline analysis, but this is just going to spit out some flat
files.. getting them to another system for analysis seems a bit
cumbersome..

 - in terms of BroIDS/Snort and PF.. who comes first in processing
network traffic?

 - is Bro able to log, compress, store and index events for later
reviewing/searching? or should I just have the events forwarded to a
central logging server running splunk..?


thanks for the insight..

~Jason

ULTIMOS DÍAS - Talleres de capacitación empresarial de la IMM - Febrero 2010

[Eventos | ESAG Uruguay]

TALLERES DE VERANO 2010

UNIDAD PYMES (IMM)



Seminario de capacitacisn en

Gestisn de recursos humanos

A cargo estaran 3 docentes uruguayos de amplia experiencia y formacisn.

Carga horaria: 12 horas de capacitacisn en 3 jornadas. Se incluyen materiales 
extra, coffee break y certificado.

Inicio: Jueves 25 de febrero de 18 a 22 hs. - Parque Batlle, Montevideo.

Seminario de capacitacisn en

Gestisn de cobranzas y fidelizacisn de clientes

Docentes: Prof. Daniel Alcoba - Martmn Lima

Carga horaria: 12 horas de capacitacisn en 3 jornadas. Se incluyen materiales 
extra, coffee break y certificado.

Inicio: Miircoles 3 de marzo de 18 a 22 hs. - Parque Batlle, Montevideo. 

 

Inversisn de cada taller: 600 pesos uruguayos (precio final).

Puede abonar por BROU, ABITAB o Cobrador.

 

Informes: 314.1688*

 





ULTIMOS DMAS - CUPOS LIMITADOS

 

 

Si desea no recibir mas novedades por mail puede enviar un correo con el 
asunto: BAJA, para ser automaticamente eliminado.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
mail_esag_logo4.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
mail_mail.jpg]

Re: OT: opinions on IDS / IPS solutions

[Jason Beaudoin]

On Tue, Feb 23, 2010 at 12:40 AM, Johan Beisser j...@caustic.org wrote:
 On Mon, Feb 22, 2010 at 8:53 PM, Jason Beaudoin jasonbeaud...@gmail.com
wrote:

  - in terms of BroIDS/Snort and PF.. who comes first in processing
 network traffic?

 hardware interface
 kernel device driver
 bpf/pcap -- application (tcpdump, snort, BroIDS, etc)
 packet filter (PF)


thanks you Johan!

Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

[Michael Dexter]

Steve Shockley wrote:
 On 2/22/2010 9:23 AM, Bret S. Lambert wrote:
 Unless some benefactor is willing to come forward and deal with the
 logistical headache of doing the paperwork and keeping it all as
 up to date as it needs to be, it's not going to happen, even if
 getting an EAL meant ponies, rainbows, and money trees for everybody.
 
 Can't someone just port it from FreeBSD?

Can't port a process but a group certification may be an option.

Note the recent Re: Is OpenBSD + PF accredited or certified in any way
? thread.

I'll inquire with GeNUA, FreeBSD and the person who asked at the conference.

Do any OpenBSD Foundation people care about EAL?

Michael

Η ΖΩΗ ΑΝΤΑΠΟΚΡΙΝΕΤΑΙ ΣΤΙΣ ΔΙΕΚΔΙΚΗΣΕΙΣ! - σεμινάριο

[Akis Angelakis]

LAHE MA DIEJDIJEIS!

(Assertiveness Training)

S\bbato 27 Vebqouaq_ou, ?qer 17:45  21:00

Ap| tg fy^ dem pa_qmoule |,ti an_foule akk\ |,ti diejdijo}le!

O jgr Accek\jgr paqousi\fei lia spouda_a epist^loma jai j\mei s}mtolg
eisacyc^ stgm +t]wmg; tou ma lpoqo}le ma diejdijo}le jai ma pa_qmoule |ka
|sa lar an_foum stg fy^, stg doukei\ jai stir sw]seir.

Diejdijgtij|tgta omol\foule tgm ijam|tgta tou at|lou ma lpoqe_ ma
ejvq\fei tir apait^seir tou jah~r jai tgm ijam|tgt\ tou ma tir
pqaclatopoi^sei.

To diejdijgtij| \tolo elpiste}etai tom eaut| tou |ti lpoqe_ ma ejvq\sei
tir epihul_er tour jai mi~hei |ti ]wei tir ijam|tgter cia ma tir
pqaclatopoi^sei.

Eisgc^tqia : AMASTASIA SOVIAMOPOUKOU, Jkimij^ Xuwok|cor  Xuwoheqape}tqia

H Amastas_a Soviamopo}kou e_mai ap|voitor tou Pqocq\llator Xuwokoc_ar tgr
Vikosovij^r Swok^r tou Pamepistgl_ou Ahgm~m, jai tou Letaptuwiajo}
Pqocq\llator Eid_jeusgr stgm Jkimij^ Xuwokoc_a tou id_ou Tl^lator. Ap|
tom Ojt~bqio 2008 e_mai upox^via Did\jtyq Jkimij^r Xuwokoc_ar sto
Pamepist^lio Ahgm~m. Ejpaide}tgje sto Imstito}to 8qeumar jai Heqape_ar
tgr Sulpeqivoq\r yr Xuwoheqape}tqia cmysiaj^r/ sulpeqivoqistij^r
jate}humsgr. 8wei did\nei se vqomtistgqiaj\ lah^lata jai selim\qia tou
Pqocq\llator Xuwokoc_ar, jai ]wei sullet\swei le pqovoqij]r jai
amaqtgl]mer amajoim~seir se Pamekk^mia jai Euqypazj\ Sum]dqia. 8wei
sumeqcaste_ stgm pqosaqloc^ sta ekkgmij\ heqapeutij~m ecweiqid_ym sto
w~qo tgr cmysiaj^r-sulpeqivoqistij^r heqape_ar, jah~r jai stg succqav^
\qhqym jai epistglomij~m jevaka_ym se ekkgmij\ jai nem|ckyssa bibk_a. Ap|
to 2008 sumeqc\fetai le to Imstito}to 8qeumar jai Heqape_ar tgr
Sulpeqivoq\r se ejpaideutij\ jai eqeumgtij\ h]lata, em~ ap| tom Iamou\qio
2010 e_mai epistglomij^ sumeqc\tida tou Tl^lator Heqapei~m Paidi~m jai
Ev^bym tou IEHS. Paq\kkgka eqc\fetai idiytij\ yr Jkimij^ Xuwok|cor 
Xuwoheqape}tqia.

St|wor tou selimaq_ou : Ma jatamo^sete e}joka jai biylatij\ le poiour
tq|pour lpoqe_te ma aun^sete tgm autopepo_hgs^ sar ~ste ma +oqh~mete;
paq\stgla jai ma lpoqe_te ma diejdije_te le ^qelo jai apovasistij| tq|po
|ka |sa piste}ete |ti sar an_foum stgm pqosypij^ jai eqcasiaj^ sar fy^.

Se poio}r apeuh}metai: To selim\qio e_mai eidij\ swediasl]mo cia \tola
pou h]koum ma dumal~soum apotekeslatij\ to dija_yla ma fgto}m jai ma
pa_qmoum, wyq_r ma ]qwomtai se sucjqo}seir le tour \kkour amhq~pour.
Paq\kkgka, ma bogh^sei ma apojt^sete aj|la jak}teqer deni|tgter se h]lata
diapqosypij^r sulpeqivoq\r jai epijoimym_ar.

Emdeijtij^ Helatokoc_a: To selim\qio e_mai pko}sio se ukij| se apk^ jai
jatamogt^ ck~ssa, ap| tewmij]r pou aun\moum tgm autopepo_hgsg jai sar
laha_moum ma diejdije_te le epituw_a, l]sa ap| biylatij]r asj^seir.

  * L]sa ap| apk^, jatamogt^ jai biylatij^ xuwo-ejpa_deusg jai asj^seir,
ha c_mete cm~ster |kym tym diavoqetij~m loqv~m epijoimym_ar.

  * P~r ma lpoqe_te ma epik]cete tgm pio jat\kkgkg cia tgm j\he
peq_stasg.

  * Poier e_mai oi pio apotekeslatij]r tewmij]r jai pqajtij]r evaqloc]r
tgr diejdijgtij^r sulpeqivoq\r.

  * P~r ma diaweiq_feste ta sumaish^lat\ sar |tam bq_sjeste se
jatast\seir pou pqojako}m p_esg, algwam_a, abebai|tgta jai ejmeuqisl|
le ap~teqo st|wo tgm a}ngsg tgr autopepo_hgsgr sar jai tg bekt_ysg
tou tq|pou pou epijoimyme_te, diapqaclate}este jai ejvq\fete tir
epihul_er jai epidi~neir sar.

Til^ sulletow^r 110 - G til^ sulletow^r sulpeqikalb\mei sglei~seir jai
Beba_ysg Paqajoko}hgsgr.

Tgk]vyma sulletow~m 210-2512988  210-2584880

i...@image-a.gr

Am dem epihule_te ma kalb\mete tgm paqap\my akkgkocqav_a, paqajako}le
pat^ste ed~