Re: Predictable network interface numbering
On Wed, 2 Feb 2011 09:00:10 -0500 Jean H. Theoret ve...@rac.ca wrote: This one's got me stumped for a few days now... How is it possible to control the network interface numbering assignment order? Here's my specific case: the box has 2 on-board Ethernet interfaces and a 3rd one on a PCI-Express card. They come up as: re0: PCI-Express card re1: on-board interface #1 re2: on-board interface #2 A recent event had disabled the PCI card, and the remaining network interfaces ended up being reassigned (upon the next reboot, of course) as: re0: on-board interface #1 re1: on-board interface #2 Could this have been prevented by forcing network interface assignment to on-board interface _first_, then the PCI card? Or is there a way to bind network interface assignment to the adapter's MAC address as numbering hint? I think you should be fine using the tricks like bringing the real interface to vether(4), or even doing trunk(4) with only one running interface. YMMV, though. -- With best regards, Gregory Edigarov
Ultimi articoli di COSTUME E SOCIETA'
[IMAGE] Se non sei ancora iscritto alla Newsletter di NanniMagazine clicca QUI /TR Facebook: Facebook Diventa Fan RSS: d Sottoscrivi gli RSS Newsletter Nr. 15 del 2 Febbraio 2011 Le altre rubriche: Costume Tech life Donne Famiglia [IMAGE] NanniMagazine h un periodico di informazione giornalistica di inchiesta che ha come obiettivo lapprofondimento della realt`, per quanto possibile, prendendo spunto dallattualit` e offrendo maggiori particolari rispetto a quelli citati da quotidiani, agenzie, blog, etc. Partendo da un fatto, la redazione, lo analizza, lo approfondisce e fornisce, a corredo, elementi descrittivi che tendono a completare il quadro di riferimento in cui il fatto h accaduto. La struttura editoriale h una realt` molto piccola che vive con pochi mezzi ma con molta passione, umilt` e un enorme impegno dei suoi collaboratori. GLI ULTIMI ARTICOLI PUBBLICATI NELLA RUBRICA: Costume e Societ` [IMAGE] Asilo nido: chi lo frequenta sar` piy bravo a scuola Non h certo una questione nuova: si dibatte da anni sul tema 'asilo nido', discutendo se sia fondamentale, per il bambino, frequentare un ambiente 'scolastico' che lo accompagner` alle soglie della prima... [IMAGE] Giochi di carte online: ora nascono le 'metropoli virtuali' Saremo stati anche un popolo di poeti, santi e navigatori, adesso siamo sicuramente un popolo di giocatori. Incalliti. La febbe da poker on line continua a salire, e si porta dietro tutti i giochi di carte piy antichi e... [IMAGE] Natura terapeutica: in Umbria nascono i parchi 'curativi' Quando si immagina una cura per lo stress e il grigiore quotidiano, raramente si sceglie un luogo che non sia immerso nella natura: nel profumo di terra e vento, frusciare di foglie e chiacchiericcio di uccelli, sembrano rigenerarsi corpo e mente [IMAGE] In Cina impazzano gli internauti: un abitante su tre h sul web Il web cinese, primo al mondo per numero di internauti, h ancora piy forte: secondo le statistiche ufficiali diffuse dalle autorit` di Pechino, i navigatori cinesi hanno raggiunto quota 457 milioni, ossia piy di un terzo... [IMAGE] 'Alfabeti migranti': Cnr, accesso ai testi filosofici antichi grazie al Web 2.0 Nella societ` della globalizzazione a migrare non solo le persone, ma anche le lingue e i saperi. Questa l'idea di fondo di 'Migrazioni di alfabeti', linea di ricerca dellIstituto per il lessico intellettuale europeo e storia delle... [IMAGE] Divorzi conflittuali: il massacro psicologico dei figli contesi La struttura mentale e psicologica di un individuo si forma da una relazione primaria fondante, quella con i genitori. Lo squilibrio, le carenze o anche solo la disarmonia nel nucleo familiare sono dunque destinate, secondo l'opinione di molti... Se ti piace questo progetto, se hai qualcosa da dire o da condividere puoi: inviare un articolo, uno studio, una ricerca Gli scritti possono essere gi` pubblicati oppure originali. Lo scritto va inviato, in formato word o rft, come allegato di posta elettronica all'indirizzo c...@nannieditore.it segnalare un evento NanniMagazine.it pubblica gratuitamente gli appuntamenti ed i convegni .Invia la tua segnalazione per posta elettronica all'indirizzo c...@nannieditore.it evidenziare una notizia di cronaca Se trovi una notizia interessante, se leggi un sondaggio curioso o quant'altro pur riguardare i temi di NanniMagazine.it, inviali direttamente sullo spazio c...@nannieditore.it segnalare un libro o un sito internet interessante NanniMagazine.it nasce proprio dalla condivisione di culture, esperienze, letture, incontri che ci hanno fatto crescere Copyright ) Nanni Editore nbs p; Hai ricevuto questa email perchh sei iscritto alla newsletter di Nannimagazine o perchh sei in contatto con la Nanni Editore oppure hai esplicitamente indicato , sul sito di appartenenza, la mail per essere contattato. Iscrizione alla newsletter. Se non siete ancora iscritti alla Newletter di nannimagazine Cliccate QUICancellazione Per non ricevere piy la Newsletter di Nannimagazine, Cliccate QUI
Ils prennent l'habitude de ne pas payer
Si vous ne visualisez pas ce message, suivez ce lien En partenariat avec FRANCE CREANCES Comment iviter l'impayi et encaisser vos factures ` ichiance ? Une journie de formation pour optimiser votre recouvrement et amiliorer votre trisorerie en priservant votre image commerciale La journie de formation au recouvrement par tiliphone, c'est : gagner en compitence et renforcer l'efficaciti du recouvrement. compliter ses connaissances par une mithodologie de relances. cerner l'intirjt d'un encaissement rapide en tenant compte des spicificitis de chaque mitier. Le formateur : Madeleine GORRIAS Dipltmie d'itudes supirieures de Doctorat en Droit, est spicialisie dans le traitement d'impayis et a diveloppi pour les clients de FRANCE CREANCES une approche concrhte de tout ce qui concerne la gestion du risque client. Les + de GORRIAS CONSULTANTS : les formations de GORRIAS CONSULTANTS sont certifiies ISO 9001. l'agriment des formations qui permet la prise en charge auprhs de votre OPCA. Les participants recevront gratuitement le Lexique juridique pour l'entreprise dont Madeleine GORRIAS est co-auteur. Un support de formation remis ` chaque stagiaire. Une assistance GRATUITE par le formateur pendant les 3 mois suivants la formation. Ils ont fait confiance ` GORRIAS CONSULTANTS : A+BENNES, ACTIMAIL, ATELIER DES TERRITOIRES, AIRCELLES (GROUPE SAFRAN), ARTISANAT SEL, BATIR ET VOIR, BRIOUDE INTERNET, BURO CLUB, CABINET SURIA, ARTCHITECTE, CIVEDI, ESPACE ISOLATION, EFFIA PARKING, FRANCE INDUSTRIE, FERMIERS DE ROCAMADOUR, HOLDING TROPHY, HORIZON SOFTWARE, IRFIP, INTERNET.FR, SIMON AVOCATS ASSOCIES, IPSOS FRANCE, JS SERVICES, PANAMETRICS, MINALE DESIGN STRATEGY, MT3E, MASTER IMPACT, ORDINAL, TECHNOLOGIES, POTEL CHABOT, TELECONTACT, SOFRECOM, SOGIRC, SOGECID, WEB ISI, EXPERTISE GALTIER, IDFA, UDOWEB, FASTBOOKING, HUHTAMAKI, SPRING TECHNOLOGIES, OTIS, INTUITION INFORMATIQUE, FITEC, LAN, JOURNAL LA LOI, OCAI, IVALUA, BASF, TRANSPORTS FOURNIER, CABINET D'EXPERTS COMPTABLES CREUZOT, etc. Pour vous deacute;sabonner, cliquez ici
Re: Predictable network interface numbering
hmm, on Fri, Feb 04, 2011 at 01:28:31PM +1100, Rod Whitworth said that So it's easy to remember 0 is for 0utside, 1 is for 1nside and 2 is for 2ervers. that is really nice actually. now i appreciate the blanket numbering more. -f -- has a room temperature iq.
make keep state (no-sync) the default?
Hi folks, from a previous thread on this list I learned that keep state (no-sync) should be added to all rules concerning either a local service or local client running on the gateway itself. Esp. when you do nat this becomes pretty error-prone. Its easy to forget. AFAICS something like match out from self to any keep state (no-sync) match out on $ext_if inet nat-to ($ext_if:0) is not allowed (keep state is great, but only for pass rules). Is there some other way to avoid a lot of keep state (no-sync) statements? Any helpful comment would be highly appreciated. Regards Harri
Re: antispoof quick for self
** moving from misc@ to tech@, reply-to is set to tech@ ** Harald Dunkel harald.dun...@aixigo.de wrote: If I add antispoof quick for self to my pf.conf to enable antispoofing on all interfaces, then I get these additional rules: block drop in quick on ! self inet from __automatic_3df3184e_0 to any block drop in quick on ! self inet6 from ::1 to any block drop in quick inet6 from ::1 to any block drop in quick on lo0 inet6 from fe80::1 to any block drop in quick on em0 inet6 from fe80::260:e0ff:fe4b:d2ec to any block drop in quick on em1 inet6 from fe80::260:e0ff:fe4b:d2ed to any block drop in quick on em5 inet6 from fe80::260:e0ff:fe4b:d2f1 to any block drop in quick on em6 inet6 from fe80::260:e0ff:fe4b:d2f2 to any block drop in quick on carp0 inet6 from fe80::200:5eff:fe00:10a to any block drop in quick on carp1 inet6 from fe80::200:5eff:fe00:107 to any block drop in quick on carp5 inet6 from fe80::200:5eff:fe00:111 to any block drop in quick inet from __automatic_3df3184e_1 to any The automatic tables contain the local networks and the local IP addresses, including carp interfaces. I am not sure about the on ! self. Ain't this a contradiction in terms? Sorry for asking, but self is just very briefly described on pf.conf(5). Any helpful comment would be highly appreciated. Using self to represent all addresses on the system is only valid in a context where an IP address would be used (refer to the BNF at the bottom of pf.conf(5) which is probably the best guide to the file format; self is used in hosts and tableaddr). The antispoof keyword accepts the name of an interface or an interface group, so in this case it is being interpreted as an interface group. However (unless you have created it) there is no actual group named self. And actually, even if a group of that name exists, antispoof doesn't behave correctly unless the group only contains a single interface. I think it would have to expand groups at config-load time to the set of interfaces in that group e.g. treat 'antispoof for somegroup' as if you wrote 'antispoof for em0', 'antispoof for em1', etc. for each member of the group. As a discussion point this diff (not intended to commit as-is) prevents groups/self from being used in antispoof, but it's a bit unpleasant for anyone who uses antispoof for egress with a single interface in the egress group, which is treated sanely without this diff. Index: parse.y === RCS file: /cvs/src/sbin/pfctl/parse.y,v retrieving revision 1.597 diff -u -p -r1.597 parse.y --- parse.y 31 Dec 2010 12:15:31 - 1.597 +++ parse.y 4 Feb 2011 11:59:09 - @@ -1083,7 +1083,7 @@ antispoof : ANTISPOOF logquick antispoof h-addr.iflags = PFI_AFLAG_NETWORK; } else { h = ifa_lookup(j-ifname, - PFI_AFLAG_NETWORK); + PFI_AFLAG_NETWORK, 0); hh = NULL; } @@ -1107,7 +1107,7 @@ antispoof : ANTISPOOF logquick antispoof if (hh != NULL) h = hh; else - h = ifa_lookup(i-ifname, 0); + h = ifa_lookup(i-ifname, 0, 0); if (h != NULL) expand_rule(r, 0, NULL, NULL, NULL, NULL, NULL, NULL, h, Index: pfctl_parser.c === RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v retrieving revision 1.273 diff -u -p -r1.273 pfctl_parser.c --- pfctl_parser.c 23 Jan 2011 11:19:55 - 1.273 +++ pfctl_parser.c 4 Feb 2011 11:59:09 - @@ -1318,7 +1318,7 @@ ifa_grouplookup(const char *ifa_name, in for (ifg = ifgr.ifgr_groups; ifg len = sizeof(struct ifg_req); ifg++) { len -= sizeof(struct ifg_req); - if ((n = ifa_lookup(ifg-ifgrq_member, flags)) == NULL) + if ((n = ifa_lookup(ifg-ifgrq_member, flags, 1)) == NULL) continue; if (h == NULL) h = n; @@ -1334,16 +1334,16 @@ ifa_grouplookup(const char *ifa_name, in } struct node_host * -ifa_lookup(const char *ifa_name, int flags) +ifa_lookup(const char *ifa_name, int flags, int allow_group) { struct node_host*p = NULL, *h = NULL, *n = NULL; int got4 = 0, got6 = 0; const char *last_if = NULL; - if ((h = ifa_grouplookup(ifa_name, flags)) != NULL) + if (allow_group (h = ifa_grouplookup(ifa_name, flags)) !=
Re: Predictable disk device numbering
Hi, I have a similar problem since I an using softraid to encrypt /var and /home. The softraid device is usually on sd0. But when I have an usb mass storage device plugged in during boot up it gets assigned to sd0 and softraid gets sd1. Still, my fstab tries to mount from /dev/sd0X. This can be annoying. Is there no way to reserve sd0 or tell bioctl to use a higher number for the softraid sdX? With vnd(3) this is not so much of a problem, because vnd(3) devices won't conflict with unpredictable things like usb-sticks, which share the sd(4) namespace. Christopher
Re: nat static-port option
On 3. feb. 2011, at 17.37, Bret S. Lambert wrote: On Thu, Feb 03, 2011 at 07:31:01AM -0800, Johan Beisser wrote: On Feb 3, 2011, at 5:17, Martin SchrC6der mar...@oneiros.de wrote: 2011/2/3 Bret Lambert bret.lamb...@gmail.com: Counting my toaster? Your toaster has an IP? Yours doesn't? He's got IPv6! His *cockroaches' toasters* have IPs! He don't appear to 'have' IPv6... http://www.ris.ripe.net/dashboard/24640 /Pete
Audio-Video-Iluminacion para tus Eventos
Tienes un evento? Necesitas mzsica, pantallas, videos, fiesta, reventsn, etc. BeatBox te ofrece audio, video e iluminacisn para tus eventos corporativos, privados, bodas y de cualquier tipo. Para mayor informacisn por favor visita: http://www.webbcenter.com/audiovideo.html BeatBox Fernando Fernandez 044555-437-2658 fernand...@webbcenter.com
Re: Predictable disk device numbering
On Fri, 4 Feb 2011 14:32:15 +0100, Christopher Zimmermann madro...@zakweb.de wrote: I have a similar problem since I an using softraid to encrypt /var and /home. The softraid device is usually on sd0. But when I have an usb mass storage device plugged in during boot up it gets assigned to sd0 and softraid gets sd1. Still, my fstab tries to mount from /dev/sd0X. This can be annoying. it is, but an easy way to avoid this is to use the UID to mount. If your sd0X has no UID, simply open it with disklabel and save without other changes - this generates one. You can then change /dev/sd0X to UID.X in your fstab. Matthias
Re: Predictable disk device numbering
On 02/04/2011 08:32 AM, Christopher Zimmermann wrote: Hi, I have a similar problem since I an using softraid to encrypt /var and /home. The softraid device is usually on sd0. But when I have an usb mass storage device plugged in during boot up it gets assigned to sd0 and softraid gets sd1. Still, my fstab tries to mount from /dev/sd0X. This can be annoying. Is there no way to reserve sd0 or tell bioctl to use a higher number for the softraid sdX? With vnd(3) this is not so much of a problem, because vnd(3) devices won't conflict with unpredictable things like usb-sticks, which share the sd(4) namespace. Christopher man diskmap man mount (search for UID) Nick.
Re: Predictable disk device numbering
On 02/04/11 15:10, Matthias Guedemann wrote: On Fri, 4 Feb 2011 14:32:15 +0100, Christopher Zimmermann madro...@zakweb.de wrote: I have a similar problem since I an using softraid to encrypt /var and /home. The softraid device is usually on sd0. But when I have an usb mass storage device plugged in during boot up it gets assigned to sd0 and softraid gets sd1. Still, my fstab tries to mount from /dev/sd0X. This can be annoying. it is, but an easy way to avoid this is to use the UID to mount. If your sd0X has no UID, simply open it with disklabel and save without other changes - this generates one. You can then change /dev/sd0X to UID.X in your fstab. Matthias Thanks! Just what I needed :)
Re: nat static-port option
2011/2/4 Pete Vickers p...@systemnet.no: He don't appear to 'have' IPv6... DTAG will offer v6 to all it's customers later this year. It's only the largest telco in Germany. :-) Best Martin
Re: nat static-port option
* Ted Unangst (ted.unan...@gmail.com) wrote: On Wed, Feb 2, 2011 at 11:23 AM, Martin Schrvder mar...@oneiros.de wrote: 2011/2/2 Henning Brauer lists-open...@bsws.de: who sez that your made up isp has to hand out network-wide unique IPs to his customers? AFAIK Comcast already has 2^24 customers. And they seem to be doing just fine. What's the problem again? ..dont want to fuel a flame war here but i heard stuff like ATT is using 40 instances of 10/8 indicates that big operators needs to bend themselves backwards to get their stuff together. And T-Mobile US is about to launch an IPv6 only + NAT64 mobile service, will be interesting to see how that plays out.. Cheers, /Joakim
Re: nat static-port option
On Fri, Feb 4, 2011 at 2:45 PM, Martin Schrvder mar...@oneiros.de wrote: 2011/2/4 Pete Vickers p...@systemnet.no: He don't appear to 'have' IPv6... DTAG will offer v6 to all it's customers later this year. It's only the largest telco in Germany. :-) The US has been offering freedom to the world for a while now. It's only the largest republic in the world :-)
Re: nat static-port option
2011/2/4 Bret Lambert bret.lamb...@gmail.com: The US has been offering freedom to the world for a while now. It's only the largest republic in the world :-) No, that's India (people). Or Russia (size). Best Martin
Re: nat static-port option
El 04/02/2011 16:15, Martin Schrvder escribis: 2011/2/4 Bret Lambertbret.lamb...@gmail.com: The US has been offering freedom to the world for a while now. It's only the largest republic in the world :-) No, that's India (people). Or Russia (size). Best Martin Still US (money). Take your pick.
Re: nat static-port option
2011/2/4 Joakim Aronius joa...@aronius.com: ..dont want to fuel a flame war here but i heard stuff like ATT is using 40 instances of 10/8 indicates that big operators needs to bend themselves backwards to get their stuff together. Carrier grade NAT is less bullshit than ipv6. :-)
Re: nat static-port option
* Joakim Aronius (joa...@aronius.com) wrote: ..dont want to fuel a flame war here but i heard stuff like ATT is using 40 instances of 10/8 indicates that big operators needs to bend themselves backwards to get their stuff together. Need to correct myself there, should be Verizon Wireless, not ATT. https://sites.google.com/site/ipv6implementors/2010/agenda/14_Parker_VerizonWireless.pdf?attredirects=0 https://sites.google.com/site/ipv6implementors/2010/agenda Cheers, /Joakim
Re: make keep state (no-sync) the default?
* Harald Dunkel harald.dun...@aixigo.de [2011-02-04 14:31]: Is there some other way to avoid a lot of keep state (no-sync) statements? is there some other way to make people READ the fucking mnapages we put so much effort in? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: make keep state (no-sync) the default?
El 04/02/2011 18:56, Henning Brauer escribis: * Harald Dunkelharald.dun...@aixigo.de [2011-02-04 14:31]: Is there some other way to avoid a lot of keep state (no-sync) statements? is there some other way to make people READ the fucking mnapages we put so much effort in? You're talking nonsense; of course no! PD: Some of us don't forget that udp mode, non-forking, non-blocking mods for tcpbench... I must stop slacking! xDDD
Re: nat static-port option
* Martin Schrvder (mar...@oneiros.de) wrote: Carrier grade NAT is less bullshit than ipv6. :-) Arbor networks just released their new 'Worldwide Infrastructure Report' which was interesting. In particular the rising threat of DDOS and the use of statefull network gear in mobile networks, such as DPI and NAT... The complexities of IPv6, as eloquently expressed by Henning, will surely result in some interesting security issues.. http://www.arbornetworks.com/en/arbor-networks-sixth-annual-worldwide-infrast ructure-security-report.html Now I think we shall let this thread come to rest as this is a bit out of topic. (and before someone refrains to name calling, I was almost called 'IPv6 fanboy' at one point). Have a nice weekend :) /Joakim
IPv6 router with static addresses assignment not works
Hi all: I have problem with my ipv6 router (two NICs) running on 4.8. I have external IP address /64 and routed by ISP /48 network through that IP. I want to use static addressing in my internal network, so I've choose one /64 subnet in my /48 network and assigned xx::1 to my internal router and assigned xx::2 IP and xx::1 to client host in my internal network. 1) I'm able to ping client host from router and vice versa. 2) Firewall permitting icmp6 and not blocks packets (I'm logging blocked packets and checked with tcpdump on pflog0). 3) I'm able to reach external IPv6 hosts from router and I'm able to ping router from remote ipv6 hosts. problem is that 4) I can't reach external hosts from my client host xx::2 (or any other IP). I don't see requests on router's internal interface, but see it with tcpdump on client host. 5) When I'm trying to ping client host from external host I see on client host that packets reach client host and sends response but that responses not reach xx::1. Ipv6 forwarding is enabled 100%. Does anybody have clue why it not works? Magic happens when I'm starting rtadvd re0 -c /etc/rtadvd.conf (where I have same network specified) - then it works :). My NIC is re0 at pci1 dev 0 function 0 D-Link DGE-528T rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 20 (irq 12), address 00:1e:58:2b:f3:d8 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3 # sysctl -a | grep inet6 net.inet6.ip6.forwarding=1 net.inet6.ip6.redirect=1 net.inet6.ip6.hlim=64 net.inet6.ip6.mrtproto=103 net.inet6.ip6.maxfragpackets=200 net.inet6.ip6.accept_rtadv=0 net.inet6.ip6.keepfaith=1 net.inet6.ip6.log_interval=5 net.inet6.ip6.hdrnestlimit=10 net.inet6.ip6.dad_count=1 net.inet6.ip6.auto_flowlabel=1 net.inet6.ip6.defmcasthlim=1 net.inet6.ip6.kame_version=OpenBSD-current net.inet6.ip6.use_deprecated=1 net.inet6.ip6.rr_prune=5 net.inet6.ip6.v6only=1 net.inet6.ip6.maxfrags=200 net.inet6.ip6.mforwarding=0 net.inet6.ip6.multipath=0 net.inet6.ip6.multicast_mtudisc=0 net.inet6.ip6.neighborgcthresh=2048 net.inet6.ip6.maxifprefixes=16 net.inet6.ip6.maxifdefrouters=16 net.inet6.ip6.maxdynroutes=4096 net.inet6.ip6.dad_pending=0 net.inet6.icmp6.rediraccept=1 net.inet6.icmp6.redirtimeout=600 net.inet6.icmp6.nd6_prune=1 net.inet6.icmp6.nd6_delay=5 net.inet6.icmp6.nd6_umaxtries=3 net.inet6.icmp6.nd6_mmaxtries=3 net.inet6.icmp6.nd6_useloopback=1 net.inet6.icmp6.nodeinfo=1 net.inet6.icmp6.errppslimit=100 net.inet6.icmp6.nd6_maxnudhint=0 net.inet6.icmp6.mtudisc_hiwat=1280 net.inet6.icmp6.mtudisc_lowat=256 net.inet6.icmp6.nd6_debug=0 net.inet6.divert.recvspace=65636 net.inet6.divert.sendspace=65636 # uname -a OpenBSD gateway 4.8 GENERIC.MP#335 amd64 -- -- With regards, Eugene Sudyr
Re: make keep state (no-sync) the default?
On Fri, 4 Feb 2011 18:56:28 +0100 Henning Brauer lists-open...@bsws.de wrote: is there some other way to make people READ the fucking mnapages we put so much effort in? laser etcher + contact lens and super glue
Re: make keep state (no-sync) the default?
Kevin Chadwick wrote: On Fri, 4 Feb 2011 18:56:28 +0100 Henning Brauer lists-open...@bsws.de wrote: is there some other way to make people READ the fucking mnapages we put so much effort in? laser etcher + contact lens and super glue I'm positive that that still won't work for some folks. --Kurt
Re: make keep state (no-sync) the default?
Henning Brauer wrote: * Harald Dunkel harald.dun...@aixigo.de [2011-02-04 14:31]: Is there some other way to avoid a lot of keep state (no-sync) statements? is there some other way to make people READ the fucking mnapages we put so much effort in? If you figure that out, I think you'll be a very rich man. --Kurt
By default, should `lynx your external IP` work?
Hello! By chance I tried this from my fresh OpenBSD VPS, which I assume has had a default installation. Basically by chance (it didn't make much sense) I tried lynx external IP *from my VPS*, and it didn't work, even though it did work from my desktop PC: -- Looking up external IP first Looking up external IP Making HTTP connection to external IP Alert!: Unable to connect to remote host. lynx: Can't access startfile http://external IP/ -- But there's more. A similar situation happens with ping (which, again, works when called from another computer): -- PING external IP (external IP): 56 data bytes --- external IP ping statistics --- 219 packets transmitted, 0 packets received, 100.0% packet loss -- Is this normal behavior by default? I know both things work from other OSes, so I'm wondering if this has something to do with OpenBSD's added security measures. Thank you in advance for your help. Cheers, Ezequiel
Re: By default, should `lynx your external IP` work?
On 2011-02-04 21.12, Ezequiel Garzsn wrote: Hello! By chance I tried this from my fresh OpenBSD VPS, which I assume has had a default installation. Basically by chance (it didn't make much sense) I tried lynx external IP *from my VPS*, and it didn't work, even though it did work from my desktop PC: -- Looking up external IP first Looking up external IP Making HTTP connection to external IP Alert!: Unable to connect to remote host. lynx: Can't access startfile http://external IP/ -- But there's more. A similar situation happens with ping (which, again, works when called from another computer): -- PING external IP (external IP): 56 data bytes --- external IP ping statistics --- 219 packets transmitted, 0 packets received, 100.0% packet loss -- Is this normal behavior by default? I know both things work from other OSes, so I'm wondering if this has something to do with OpenBSD's added security measures. No, this is not normal behaviour. Your VPS provider have some explaining to do. (And by the way, making things not work is hardly ever an added security measure - it's just a plain inconvenience. And inconvenienced people tend to be more prone to do something stupid while trying to work around their inconvenience than people whos stuff just work as expected...) Regards, /Benny -- internetlabbet.se / work: +46 8 551 124 80 / Words must Benny Lvfgren/ mobile: +46 70 718 11 90 / be weighed, / fax:+46 8 551 124 89/not counted. /email: benny -at- internetlabbet.se
dell latitude d430 + port replicator -- is okay?
Hi, I want to buy a DELL Latitude D430 + a port replicator (for the DVI and LPT ports). Does this laptop work okay with OBSD? How about the port replicator? Does it need any kind of support from the OS (e.g. drivers) or is it just an electromechanical contraption? Thanks.
Re: dell latitude d430 + port replicator -- is okay?
Sviatoslav Chagaev wrote: Hi, I want to buy a DELL Latitude D430 + a port replicator (for the DVI and LPT ports). Does this laptop work okay with OBSD? How about the port replicator? Does it need any kind of support from the OS (e.g. drivers) or is it just an electromechanical contraption? Thanks. I have loaded 4.6 or .7 on a D430 and don't remember any problems. Printer and serial worked, as did the optical drive I installed from. Ethernet and wifi worked on mine but wifi might depend on what adapter is in it. I never tried X or the DVI plug but X on other BSDs and UXes has worked fine in the past. -- Ron McDowell San Antonio TX
Re: dell latitude d430 + port replicator -- is okay?
2011/2/5 Sviatoslav Chagaev 0x1...@gmail.com: How about the port replicator? Does it need any kind of support from the OS (e.g. drivers) or is it just an electromechanical contraption? If you mean a PR01X: The latter. It just works. Best Martin
Re: IPv6 router with static addresses assignment not works
Joakim, I set default gateway and it's present in routes list :). I've sorted out and solved problem!!! Unfortunatelly all of my office clients are Windows OSes which are too USER FRIENDLY and it added Site-local route automatically :) I was wondered to see this: C:\Users\Evgeniy.Sudyrnetsh int ipv6 show route Publish Type Met PrefixIdx Gateway/Interface Name --- --- --- No Manual256 ::/0 11 fe80::218:e7ff:fefc:4a20 No Manual256::/0 11 2aaa::::1b:1::1 Where 2aaa::::1b:1::1 is statically set IPv6 default gateway and fe80::218:e7ff:fefc:4a20 as automatically assigned IP address with the same metric (I've used defaults and don't played with it before). With tcpdump I figured that it uses fe80::218:e7ff:fefc:4a20 as default gateway all the time. Obviously solution was to change metric value to something lower which will be used instead fe80 router which is local address :). To change route metric just simply use netsh or GUI :) netsh int ipv6 set route ::/0 11 2aaa::::1b:1::1 0 100 no Hope this will be useful for somebody else. OpenBSD rocks! On Sat, Feb 5, 2011 at 12:15 AM, Joakim Aronius joa...@aronius.com wrote: * Evgeniy Sudyr (eject.in...@gmail.com) wrote: Magic happens when I'm starting rtadvd re0 -c /etc/rtadvd.conf (where I have same network specified) - then it works :). Hi there Evgeniy, Problem is that when you statically configure the IP parameters you do not set the default gateway so the client does not know where to send packets outside the v6 LAN. In my machines I have a line like this in my hostname.if !/sbin/route add -inet6 default 2001:db8:cc17:5::1 ..but now when I have a look it seems like since 4.8 it is supported to ad a default gateway address to /etc/mygate in the same way as for IPv4. So if you only have a default GW thats what you should do. /Joakim -- -- With regards, Eugene Sudyr
Re: By default, should `lynx your external IP` work?
Thank you, Benny. I thought so, but wasn't sure. On Fri, Feb 4, 2011 at 10:35 PM, Benny Lofgren bl-li...@lofgren.biz wrote: On 2011-02-04 21.12, Ezequiel Garzsn wrote: Hello! By chance I tried this from my fresh OpenBSD VPS, which I assume has had a default installation. Basically by chance (it didn't make much sense) I tried lynx external IP *from my VPS*, and it didn't work, even though it did work from my desktop PC: -- Looking up external IP first Looking up external IP Making HTTP connection to external IP Alert!: Unable to connect to remote host. lynx: Can't access startfile http://external IP/ -- But there's more. A similar situation happens with ping (which, again, works when called from another computer): -- PING external IP (external IP): 56 data bytes --- external IP ping statistics --- 219 packets transmitted, 0 packets received, 100.0% packet loss -- Is this normal behavior by default? I know both things work from other OSes, so I'm wondering if this has something to do with OpenBSD's added security measures. No, this is not normal behaviour. Your VPS provider have some explaining to do. (And by the way, making things not work is hardly ever an added security measure - it's just a plain inconvenience. And inconvenienced people tend to be more prone to do something stupid while trying to work around their inconvenience than people whos stuff just work as expected...) Regards, /Benny -- internetlabbet.se / work: +46 8 551 124 80 / Words must Benny Lvfgren/ mobile: +46 70 718 11 90 / be weighed, / fax:+46 8 551 124 89/not counted. /email: benny -at- internetlabbet.se
Re: Relayd -- FQDN length limit?
On Fri, Feb 4, 2011 at 7:04 PM, Andrew Klettke aklet...@opticfusion.net wrote: If we define a relay with a hostname that is longer than 32 characters, we get the following: Feb 1 22:14:00 fw02 relayd[22062]: fatal: relay_init: failed to create SSL context: No buffer space available That error may be misleading. I can't find any references to ENOBUFS in relayd or openssl, and I don't think openssl uses errno much anyway. I think you should turn on debugging, it will provide better messages.
Newsletter Suzuki | Poupar está na moda
Siga as tendjncias actuais com o Suzuki Alto. Suzuki - Way of Life! Siga as tendjncias actuais com o Suzuki Alto. http://www.suzuki.pt/automoveis/alto Siga as tendjncias actuais com o Suzuki Alto. Siga as tendjncias actuais com o Suzuki Alto. Siga as tendjncias actuais com o Suzuki Alto.Siga as tendjncias actuais com o Suzuki Alto. Estilo, prego imbatmvel e baixo consumo nunca combinaram tco bem. Por 8.900 e um consumo de 3,8 L, o Suzuki Alto assenta como uma luva no trbnsito da cidade e, claro, em si! Entre na moda ao volante de um Suzuki Alto! CONDIGUES ESPECIAIS DA CAMPANHA EM VIGOR http://www.suzuki.pt/automoveis/alto/preco/campanha * Consumo em Estrada, com transmissco manual de 5 velocidades. Prego de venda a pzblico recomendado para a versco 1.0L GA, nco incluindo despesas administrativas ou pintura metalizada. Consumo combinado de 4,4 a 5,2 L/100 km. Emissues de CO2 de 103 a 122 g/km. Siga as tendjncias actuais com o Suzuki Alto. Siga as tendjncias actuais com o Suzuki Alto. Siga as tendjncias actuais com o Suzuki Alto. Nco lj correctamente esta mensagem? www.suzuki.pt/automoveis http://www.suzuki.pt/automoveis/newsletters/20110204/index.html Para mais informagues acerca da nossa Polmtica de Privacidade, clique aqui http://www.suzuki.pt/automoveis/termosdeuso . Para ser retirado da Newsletter Suzuki, por favor clique aqui http://www.suzuki.pt/automoveis/newsletter/remover .
Re: dell latitude d430 + port replicator -- is okay?
if i recall it correctly that is a fine machine. make sure you dont get an nvidia one though (not sure they made them but got to avoid them) On Sat, Feb 05, 2011 at 01:16:04AM +0200, Sviatoslav Chagaev wrote: Hi, I want to buy a DELL Latitude D430 + a port replicator (for the DVI and LPT ports). Does this laptop work okay with OBSD? How about the port replicator? Does it need any kind of support from the OS (e.g. drivers) or is it just an electromechanical contraption? Thanks.