certs validation in xxxterm
Hi all, as stated in man page for xxxterm: ssl_ca_file If set to a valid PEM file all server certificates will be validated against it. The URL bar will be colored green when the certificate is trusted and yellow when untrusted. If ssl_ca_file is not set then the URL bar will color all HTTPS connections red. it looks like it's able to autenticate only against PEM file, but certs are stored as ASCII text in .xxxterm/certs so what's the correct setting for that?
Re: certs validation in xxxterm
On Sun, Apr 17, 2011 at 7:39 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: Hi all, as stated in man page for xxxterm: ssl_ca_file B B B B B B B B If set to a valid PEM file all server B B B B B B B B B B B B B B B B B B B certificates will be validated against B B B B B B B B B B B B B B B B B B B it. B The URL bar will be colored green B B B B B B B B B B B B B B B B B B B when the certificate is trusted and B B B B B B B B B B B B B B B B B B B yellow when untrusted. B B B B B B B B B B B B B B B B B B B If ssl_ca_file is not set then the URL B B B B B B B B B B B B B B B B B B B bar will color all HTTPS connections B B B B B B B B B B B B B B B B B B B red. it looks like it's able to autenticate only against PEM file, but certs are stored as ASCII text in .xxxterm/certs so what's the correct setting for that? yep ssl_ca_file = /home/username/.xxxterm/certs/ is all you need. Just not proper wording in man page.
Re: certs validation in xxxterm
Not correct. On openbsd use ssl_ca_file = /etc/ssl/cert.pem per the example in the config file. The ~/.xxxterm/certs/ directory is where certs are saved to when prompted by the user. On Sun, Apr 17, 2011 at 08:05:42AM +0200, Tomas Bodzar wrote: On Sun, Apr 17, 2011 at 7:39 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: Hi all, as stated in man page for xxxterm: ssl_ca_file B B B B B B B B If set to a valid PEM file all server B B B B B B B B B B B B B B B B B B B certificates will be validated against B B B B B B B B B B B B B B B B B B B it. B The URL bar will be colored green B B B B B B B B B B B B B B B B B B B when the certificate is trusted and B B B B B B B B B B B B B B B B B B B yellow when untrusted. B B B B B B B B B B B B B B B B B B B If ssl_ca_file is not set then the URL B B B B B B B B B B B B B B B B B B B bar will color all HTTPS connections B B B B B B B B B B B B B B B B B B B red. it looks like it's able to autenticate only against PEM file, but certs are stored as ASCII text in .xxxterm/certs so what's the correct setting for that? yep ssl_ca_file = /home/username/.xxxterm/certs/ is all you need. Just not proper wording in man page.
Re: certs validation in xxxterm
On Sun, Apr 17, 2011 at 11:18:00AM +0200, Tomas Bodzar wrote: On Sun, Apr 17, 2011 at 11:04 AM, Marco Peereboom sl...@peereboom.us wrote: Not correct. On openbsd use ssl_ca_file = /etc/ssl/cert.pem per the example in the config file. ??The ~/.xxxterm/certs/ directory is where certs are saved to when prompted by the user. Then question is why if it's set my way it shows in address bar blue Because you saved it. Not because you point to that directory. color for correct certs and yellow when untrusted because man says that it must be green. But will try correct way if color will be green. It will be if the cert is trusted. On Sun, Apr 17, 2011 at 08:05:42AM +0200, Tomas Bodzar wrote: On Sun, Apr 17, 2011 at 7:39 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: Hi all, as stated in man page for xxxterm: ssl_ca_file B ??B ??B ??B ??B ??B ??B ??B ??If set to a valid PEM file all server B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??certificates will be validated against B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??it. B The URL bar will be colored green B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??when the certificate is trusted and B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??yellow when untrusted. B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??If ssl_ca_file is not set then the URL B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??bar will color all HTTPS connections B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??red. it looks like it's able to autenticate only against PEM file, but certs are stored as ASCII text in .xxxterm/certs so what's the correct setting for that? yep ssl_ca_file = /home/username/.xxxterm/certs/ is all you need. Just not proper wording in man page.
Re: certs validation in xxxterm
On Sun, Apr 17, 2011 at 11:41:33AM +0200, Tomas Bodzar wrote: color for correct certs and yellow when untrusted because man says that it must be green. But will try correct way if color will be green. It will be if the cert is trusted. corrected and now it points to .pem files. Anyway all are yellow now including mail.google.com I thought that gmail has certs in fine state I surfed over there and it showed up green. You might want to get the latest pem from cvs.
Re: certs validation in xxxterm
On Sun, Apr 17, 2011 at 11:04 AM, Marco Peereboom sl...@peereboom.us wrote: Not correct. On openbsd use ssl_ca_file = /etc/ssl/cert.pem per the example in the config file. B The ~/.xxxterm/certs/ directory is where certs are saved to when prompted by the user. Then question is why if it's set my way it shows in address bar blue color for correct certs and yellow when untrusted because man says that it must be green. But will try correct way if color will be green. On Sun, Apr 17, 2011 at 08:05:42AM +0200, Tomas Bodzar wrote: On Sun, Apr 17, 2011 at 7:39 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: Hi all, as stated in man page for xxxterm: ssl_ca_file B B B B B B B B B B B B B B B B If set to a valid PEM file all server B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B certificates will be validated against B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B it. B The URL bar will be colored green B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B when the certificate is trusted and B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B yellow when untrusted. B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B If ssl_ca_file is not set then the URL B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B bar will color all HTTPS connections B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B red. it looks like it's able to autenticate only against PEM file, but certs are stored as ASCII text in .xxxterm/certs so what's the correct setting for that? yep ssl_ca_file = /home/username/.xxxterm/certs/ is all you need. Just not proper wording in man page.
Re: certs validation in xxxterm
On Sun, Apr 17, 2011 at 11:21 AM, Marco Peereboom sl...@peereboom.us wrote: On Sun, Apr 17, 2011 at 11:18:00AM +0200, Tomas Bodzar wrote: On Sun, Apr 17, 2011 at 11:04 AM, Marco Peereboom sl...@peereboom.us wrote: Not correct. On openbsd use ssl_ca_file = /etc/ssl/cert.pem per the example in the config file. ??The ~/.xxxterm/certs/ directory is where certs are saved to when prompted by the user. Then question is why if it's set my way it shows in address bar blue Because you saved it. B Not because you point to that directory. yep, it's in man. sorry color for correct certs and yellow when untrusted because man says that it must be green. But will try correct way if color will be green. It will be if the cert is trusted. corrected and now it points to .pem files. Anyway all are yellow now including mail.google.com I thought that gmail has certs in fine state On Sun, Apr 17, 2011 at 08:05:42AM +0200, Tomas Bodzar wrote: On Sun, Apr 17, 2011 at 7:39 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: Hi all, as stated in man page for xxxterm: ssl_ca_file B ??B ??B ??B ??B ??B ??B ??B ??If set to a valid PEM file all server B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??certificates will be validated against B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??it. B The URL bar will be colored green B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??when the certificate is trusted and B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??yellow when untrusted. B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??If ssl_ca_file is not set then the URL B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??bar will color all HTTPS connections B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??red. it looks like it's able to autenticate only against PEM file, but certs are stored as ASCII text in .xxxterm/certs so what's the correct setting for that? yep ssl_ca_file = /home/username/.xxxterm/certs/ is all you need. Just not proper wording in man page.
Urgent vila de vanzare complet finisata si mobilata
Vila de vanzare in cartierul Berceni, sector 4, Str. Mariuca. Contructie 2005, complet finisata si mobilata pe comanda. Vila este contruita pe 3 nivele open space, incluzand sala de fitness. In plus detine o crama de 18 mp la subsol. Suprafata totala construita a vilei este de 210 mp, cu un teren aferent de 150 mp. Pretul este de 150.000 Euro . Description: Description: Description: Description: Description: Description: 077.jpg Description: Description: Description: Description: Description: Description: 073.jpg Description: Description: Description: Description: Description: Description: 055.jpg Description: Description: Description: Description: Description: Description: 048.jpg Description: Description: Description: Description: Description: Description: 039.jpg Description: Description: Description: Description: Description: Description: 3.jpg Pentru detalii sunati la 0725.076.193 [demime 1.01d removed an attachment of type image/jpeg which had a name of image001.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of image002.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of image003.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of image004.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of image005.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of image006.jpg]
Re: pf ftp-proxy forward AND reverse (Help?)
Hi!
I just wanted to share that alternative to ftp-proxy clients which
connect from external network to internal ftp server is just letting
appropriate packets thru i.e. without doing application level proxying.
For example like this where 10.0.21.254 is ftp server's external address
and 192.168.111.162 is its internal address
# control channel ja and passive clients get in
pass in quick on $if_ext inet proto tcp from any \
to 10.0.21.254 port { 21, 2:5 } tag TO_INT \
rdr-to 192.168.111.162
# server gets out for active clients
pass in on $if_int inet proto tcp from 192.168.111.162 port 20 \
to any tag FROM_INT_FTP
# companion rules for tagged packets
pass out quick on $if_int inet tagged TO_INT
pass out quick on $if_ext inet tagged FROM_INT_FTP \
nat-to 10.0.21.254 port 20
This setup assumes that ftp server cooperates, for example with vsftpd
is needed to use these directives
...
connect_from_port_20=YES
pasv_min_port=2
pasv_max_port=5
pasv_address=10.0.21.254
As always, its up to the user to decide which solution fits better, with
above described setup the gain is that you get into ftp server logs
clients' ip addresses; on the other hand opening up 20k-50k ports might
not be a good idea, and with ftp-proxy OpenBSD has more control over ftp
sessions.
Imre
PS You could follow what ftp-proxy anchors contain with
# pfctl -a ftp-proxy -sA
..
# pfctl -a ftp-proxy/xxx.yyy -sr
PPS You must make sure that port 21/tcp states live long enough or your
clients may get funny hungups.
On 04/12/11 01:31, Steven R. Gerber wrote:
Hi folks.
I cannot get reverse? ftp to work from my wireless to my LAN.
I seem to have no trouble going from the LAN to the internet.
Any thoughts?
Thanks,
Steven
*
pf.conf:
# filter rules and anchor for ftp-proxy(8)
anchor ftp-proxy/*
pass in on $wireless_if inet proto tcp to ($wireless_if) port 21
pass out on $int_if inet proto tcp to $ftp_server port 21 user proxy
# Translate outgoing ftp control connections to send them to localhost
# for proxying with ftp-proxy(8) running on port 8021.
#rdr on $int_if proto tcp from any to any port 21 - 127.0.0.1 port 8021
anchor ftp-proxy/*
#pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass in quick on $int_if proto tcp to port 21 rdr-to 127.0.0.1 port 8021
*
$ cat /etc/rc.conf.local
ntpd_flags=-s # enabled during install
#
# set these to NO to turn them off. otherwise, they're used as flags
#named_flags=-d 3 # for normal use:
named_flags= # for normal use:
#dhcpd_flags= # for normal use:
# ISC dhcpd will be invokd via rc.local!!!
#
# set the following to YES to turn them on
pf=YES # Packet filter / NAT
ftpproxy_flags= # for normal use:
ftpproxy_flags2=-R xxx.xxx.iii.2 -p 21 -b xxx.xxx.www.1 # for
normal use:
#
# miscellaneous other flags
# only used if the appropriate server is marked YES above
pflogd_flags= # add more flags, ie. -s 256
*
rc.local:
# Start ftp-proxy #2
if [ X${ftpproxy_flags2} != XNO ]; then
echo -n ' ftp-proxy'; /usr/sbin/ftp-proxy ${ftpproxy_flags2}
fi
*
Re: pf rules
2011/4/17, gdrm g...@email.it: table terlarang persist file /etc/terlarang block in quick on re0 from terlarang in /etc/terlarang 10.0.0.0/8 192.168.0.0/16 xxx.xxx.xxx.xxx Muhammad Muntaza bin Hatta -- Indonesia http://muntaza.wordpress.com
Se Busca Vendedor(a) de espacios Publicitarios y servicios en internet
31 de Marzo de 2011 Visualizar versiC3n en lC-nea SE BUSCA VENDEDOR(A) CON CARTERA DE CLIENTES DE ANUNCIOS PUBLICITARIOS EN INTERNET SALARIO: US$500 + US$50.00 (Combustible) Excelentes Comisiones: del 25 al 50%. Requisitos Imprescindibles: - AutomC3vil (En buen estado) - Experiencia como Vendedor (mC-nimo 1 aC1o) - Cartera de Clientes activos (Anunciantes) - Contar con Laptop (Vendedor debe tener una computadora portC!til) - Conocimientos en informC!tica e internet (Intermedio) - Edad mC-nima 25 aC1os. Habilidades adicionales que se considerarC!n. - Habilidades en ventas - Liderazgo - RC!pido aprendizaje DescripciC3n del Puesto. Se requiere de un vendedor(a) con experiencia en ventas que sea responsable de: - vender a clientes corporativos e individuales. - abrir nuevas cuentas. - asistir al coordinador de ventas. - cerrar ventas de servicios informC!ticos y anuncios publicitarios en internet. - visitar clientes interesados. - generar cotizaciones - entre otros. Se espera que conozca el sector de Internet y Publicidad, que posea experiencia; se espera del vendedor buena presencia, responsabilidad, creatividad, organizaciC3n, con iniciativa y buena expresiC3n verbal. Se ofrece como beneficios excelente comisiC3n (del 25 al 50%) mC!s el pago de us$50.00 (gasolina). B?QuC) le ofrece nuestra empresa? El salario es inicial, si el vendedor logra cerrar ventas de los servicios con eficacia, nuestra empresa le garantiza aumento de salario y bonos de productividad. B?Por quC) trabajar en MicroKey Group? TendrC! horarios flexibles de trabajo, excelente ambiente laboral, interesantes comisiones, bonos y aumento de salario por productividad. Puede enviar su hoja de vida a microkeygr...@yahoo.com TelC)fono de Contacto: +507 . 3605858 Web: MicroKeyGroup .Com Correo para Vacantes microkeygroup (arroba) yahoo.com Le ha sido C:til nuestro newsletter?. IndC-quenos la calidad del mismo. Confirmar SuscripciC3n | Desuscribirme de esta lista | ContC!ctenos http://www.microkeyclients.com/mail/unsubscribe.php?M=176106C=b502001e5bc80edcfe404298d8bca767L=1N=5
Userland ppp stopped working between Mar24 and Apr8
After some experimenting, I've discovered that userland ppp stopped
working normally at some point between the March 24th and April 8th
snapshots.
I've been using the same ppp.{conf,linkup,linkdown} files for 6 months
now with 4.8-stable without any problems. This weekend I decided to
change firewall hardware and use -current, and the same configuration fails.
It's not the hardware: 4.8-stable and snapshots up to Mar. 24th work
just fine. The next snap I have in my collection is Apr. 8th, and
everything since then including Apr. 17th, fails.
Replication is simple:
- clean install, not an upgrade. No customizing/tweaking anything.
- copy my known-good ppp.* files over
- up the interface my DSL modem is on
- adjust syslog.conf to allow ppp logging to /var/log/ppp.log
# ppp -ddial mlppp (config file below; normally this done from rc.local)
- with anything = Mar 24th, the connection works straight away
- with anything = Apr. 8th, the ppp process loops continuously trying
to establish the connection
Looking at the log, the old version shows LCP: 2: RecvConfigReq, after
which my MRU drops from 1500 to 1492, and the connection ultimately
succeeds. The new version only shows LCP: 2: SendConfigReq and the
redial process loops until manually stopped.
Does anyone have any idea if my config needs adjusting, or have I found
a bug? The only variable is the version of -current I use, and the
ppp(8) man page is the same. Nothing to indicate that my config needs
adjusting.
I'm not sure if the following log snippets show the proper information,
so I'll wait for requests for full logs instead of spamming the list
with a hugely long post.
Thanks,
- Scott
Log snippet from successful connection:
Apr 17 21:09:22 fw0 ppp[30518]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Warning: Carrier settings ignored
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: Connected!
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: opening - dial
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: dial - carrier
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: carrier - login
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: login - lcp
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: FSM: Using 2 as a transport
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Initial --
Closed
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Closed --
Stopped
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: LayerStart
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(6) state =
Stopped
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1500
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x48a3693d
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Stopped --
Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigReq(138) state =
Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigAck(138) state =
Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Req-Sent --
Ack-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigRej(6) state =
Ack-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(7) state =
Ack-Sent
Log snippet from unsuccessful connection:
Apr 17 21:07:29 hellgate ppp[30239]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 1: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: Connected!
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: opening - dial
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: dial - carrier
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: carrier - login
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: login - lcp
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: FSM: Using 1 as a
transport
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: 1: State change Initial
-- Closed
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: 1: State change Closed
-- Stopped
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 2: Connected!
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 2: opening - dial
Apr 17 21:07:32
Invitacisn a Curso Experto en Google y Posicionamiento Web
Invitacion a Curso Experto en Google y Posicionamiento Web, Curso con sede en: 26 de abril curso online. El curso puede tomarlo desde la comodidad de su hogar u oficina. 03 de Mayo en Santiago de Chile. 06 de Mayo en Temuco, Chile. 13 de Mayo en Cancun 21 de Mayo en Monterrey 17 de Junio en Guadalajara. 10 de Junio Mexico D.F. Dirigido a Empresas que desean Mejorar su Posicionamiento Natural en Buscadores. Usuarios de Google Adwords interesados en Optimizar sus campa}as y sistema de pago por clic... Costo $ 3500 + IVA. Curso Redes Sociales Orientada a Empresas. Mexico, D.F. 14 de Abril - Nivel Basico 15 de Abril - Nivel Avanzado Monterrey 18 de Mayo - Nivel Basico 19 de Mayo - Nivel Avanzado Guadalajara 15 de Junio - Nivel Basico 16 de Junio - Nivel Avanzado Costo basico y Avanzado $ 4,500 + IVA Para Mas informacion visite Nuestra web Seminariosenmexico.com http://www.seminariosenmexico.com/ Telefonos +52 (55) 5523 0796 (Mexico) +56- 2 8977537 (Chile) Contacto via correo electronico conta...@seminariosenmexico.com Messenger seminarios enmex...@hotmail.com
benchmarks
Hi all, I'm interested on some benchmarks, specially with network/PF. For example: What's the maximum bandwidth that a soekris (or alix) can handle safely as a firewall? (with and without ipsec, how long the rule set are) Peter Hallin exposed a configuration that can handle near a 1Gbps on bridge mode. Peter, how much traffic your new firewall handle? On the branded servers (Dell, HP, IBM, etc), how best traffic one firewall can handle? These are some questions. Some of these information can help me to advocate OpenBSD based solution at work, starting with firewall. Just as comment, some linuxes (argh) fw can't handle as much as 100Mbps on Dells (R200 or R400). Thanks for any comments, Mosconi
Re: benchmarks
On 18/04/2011, at 1:07 PM, Rodrigo Mosconi wrote: Hi all, I'm interested on some benchmarks, specially with network/PF. On the general performance: http://www.openbsd.org/faq/pf/perf.html For example: What's the maximum bandwidth that a soekris (or alix) can handle safely as a firewall? (with and without ipsec, how long the rule set are) Why limit yourself to (low-end) machines? Budget constraints? Space constraints? Or it might to cool to play with these devices? (I thought so too, but in the end easier to whack in an old Dell Optiplex - as is often recommended on this list.) Peter Hallin exposed a configuration that can handle near a 1Gbps on bridge mode. Peter, how much traffic your new firewall handle? On the branded servers (Dell, HP, IBM, etc), how best traffic one firewall can handle? Which goes fastest? Ford or Holden? What NICs are in those machines? These are some questions. What does traffic mean? Is your traffic the same as mine? Some of these information can help me to advocate OpenBSD based solution at work, starting with firewall. Just as comment, some linuxes (argh) fw can't handle as much as 100Mbps on Dells (R200 or R400). pf is fast enough for me at my work. It might not be fast enough for you at your work. What are your requirements? Thanks for any comments, Probably not what you were after, but that's the repeated advice I see around here - only YOU can answer this question. And don't forget to read this (and buy the book) http://home.nuug.no/~peter/pf/en/ Mosconi
