Hi list,
someone suggested I shall wait for the 3.9, see below. I googled the
whole day for a solution, and found this:
http://www.countersiege.com/doc/ifstated/
where ryan describes my problem exactly.
will openbsd 3.9 carp be able to keep the interfaces in sync without
ifstated? I read the
Matt Rowley([EMAIL PROTECTED]) on 2006.04.18 08:11:17 +:
serious question: can one get systems of this class with 'features' like
ECC memory?
Not 100% sure, but I do not think so. There's no mention of ECC memory
support on VIA's webpages dedicated to the EPIA line. Also, the memory
On 4/19/06, Lars Weste [EMAIL PROTECTED] wrote:
hostname.carp2
!ifconfig bge0 up
!ifconfig vlan0 create
!ifconfig vlan0 vlan 3 vlandev bge0 up
vhid 1 carpdev vlan0 192.168.0.1 192.168.1.255 netmask 255.255.254.0
I use the separate hostname.if files instead of loading raw ifconfig
commands.
On Wed, Apr 19, 2006 at 10:43:00PM +0200, Pieter Baele wrote:
Hi,
I want to add a little box to my small network to learn about IDS
systems. Should a soekris 4501 be enough for such a task?
The logging can be done on a separate system.
Soekris/wrap boards are best known for their
On Thu, Apr 20, 2006 at 10:30:10AM +0800, Lars Hansson wrote:
On Thursday 20 April 2006 03:42, Eduardo Alvarenga wrote:
Just leave the first two lines of motd intact, add your local motd after
the two first lines, and your message will not be touched.
The patch prevents rc from adding
Hi,
with scrub in all set at the firewall, will openbsd handle icmp packets
of type unreach code needfrag automatically, because of the statefulness?
as far as i know, icmp packets like port/host/network unreachable are
allowed by the keep state statements, does this also apply for the need
Hi,
hostname.carp2
!ifconfig bge0 up
!ifconfig vlan0 create
!ifconfig vlan0 vlan 3 vlandev bge0 up
vhid 1 carpdev vlan0 192.168.0.1 192.168.1.255 netmask 255.255.254.0
I use the separate hostname.if files instead of loading raw ifconfig
commands. /etc/netstart does start physical
Hi
I've just been through the recent messages on this list and saw something
similar but not exactly the same as what I was planning to implement. We've
just got two new firewalls (now installed with OpenBSD 3.8, which will soon
be CARPed and pfsynced) and two new webservers which we want to
Lars Weste wrote:
Hi,
with scrub in all set at the firewall, will openbsd handle icmp packets
of type unreach code needfrag automatically, because of the statefulness?
scrub no-df fixes this, no?
Camellia was certified as the IETF standard cipher (Proposed
Standard) for SSL/TLS cipher suites (RFC4132) and IPsec (RFC4312).
Source:
https://info.isl.ntt.co.jp/crypt/eng/camellia/source_s.html
Introduction:
http://info.isl.ntt.co.jp/crypt/eng/camellia/intro.html
Hmm? Hopefully it seems that Mozilla's donation has kicked off a
scrambling of companies to buy bragging rights about donating to
OpenBSD. Yay?
A few things with a few vendors and larger company-users are moving
ahead.
I'd like to take the opportunity to report on my own experience how I
me again, sorry.
I have a raidframe raid5 array, I had it originally installed, had a kernel
panic of some sort, don't remember, and turned off the machine. I have had
to clean the disklabels on the raw drives, newfs them, raidctl -C the array,
-I the array, -vP the array, and had a new
Hi,
with scrub in all set at the firewall, will openbsd handle icmp
packets
of type unreach code needfrag automatically, because of the
statefulness?
as far as i know, icmp packets like port/host/network unreachable are
allowed by the keep state statements, does this also apply for the
Hi,
sent the message with the wrong subject, therefore here again.
with scrub in all set at the firewall, will openbsd handle icmp
packets
of type unreach code needfrag automatically, because of the
statefulness?
as far as i know, icmp packets like port/host/network unreachable are
Hi,
Say the webservers are named internally 10.0.0.1 and 10.0.0.2. Is it
possible
to create two CARP interfaces, say 10.0.0.3 and 10.0.0.4, where server
10.0.0.1 is master of CARP 10.0.0.3 and 10.0.0.2 is master of CARP
10.0.0.4.
Then, use rdr load balancing on the firewall to hit the
10.0.0.1 is master of CARP 10.0.0.3 and 10.0.0.2 is master of CARP
10.0.0.4.
Then, use rdr load balancing on the firewall to hit the .3/.4 CARP
addresses, instead of the server addresses.
At first glance this looks like it would work
Yes, this works nicely.
It might work, but
Alexey E. Suslikov wrote:
Camellia was certified as the IETF standard cipher (Proposed
Standard) for SSL/TLS cipher suites (RFC4132) and IPsec (RFC4312).
Source:
https://info.isl.ntt.co.jp/crypt/eng/camellia/source_s.html
Hmm, isn't the notice on that page incompatible with the BSD license?
The patch prevents rc from adding these two lines into the motd file.
What I want is to not show information about the system and *JUST* my
personal motd, for security purposes and to follow the company's
policy.
What security purposes? You have local users who you don't trust to know the
Hmm, isn't the notice on that page incompatible with the BSD license?
*cut*
As far as I can see the code has MANY licenses. The BSD-License is clear
and clean.
I downloaded the SRC:
README contained:
---
This is a Crypto engine for Camellia.
Licence: BSD
version: 1.0
For inquires regarding
On Thursday 20 April 2006 07:45, Dimitry Andric wrote:
Alexey E. Suslikov wrote:
Camellia was certified as the IETF standard cipher (Proposed
Standard) for SSL/TLS cipher suites (RFC4132) and IPsec (RFC4312).
Source:
https://info.isl.ntt.co.jp/crypt/eng/camellia/source_s.html
Hmm,
so? we don't need more symmetric ciphers...
On Thu, 20 Apr 2006, Alexey E. Suslikov wrote:
Camellia was certified as the IETF standard cipher (Proposed
Standard) for SSL/TLS cipher suites (RFC4132) and IPsec (RFC4312).
Source:
https://info.isl.ntt.co.jp/crypt/eng/camellia/source_s.html
Hello Folks,
I've got a question about OpenBSD 3.9 update ... I have a firewall
running 3.9 release and I'd like to know the best way to keep the
system updated, such as debian does using APT. Any suggestions?
Thanks in advance.
Hutger
Yeah, just leave it alone unless you have to change it because of some
errata that is relevant to you. Don't run -current on a production
firewall. It's a bad idea.
Hutger H. wrote:
Hello Folks,
I've got a question about OpenBSD 3.9 update ... I have a firewall
running 3.9 release and I'd
Daniel Ouellet wrote:
Will H. Backman wrote:
Would there be a benefit to use the pkg_ tools to install and manage the
install sets?
I fail to see the point of it really. The install set is done at
install time, or to add it if you miss it at the install.
Plus packages tools is there to
Hutger H. said:
Hello Folks,
I've got a question about OpenBSD 3.9 update ... I have a firewall
running 3.9 release and I'd like to know the best way to keep the
system updated, such as debian does using APT. Any suggestions?
1. Check every day/hour/minute the www.openbsd.org/errata.html
I suppose he is interested in base patching :)
pkg_add is only for packages :)
Jonathan Glaschke wrote:
On Thu, Apr 20, 2006 at 09:55:28AM -0300, Hutger H. wrote:
Hello Folks,
I've got a question about OpenBSD 3.9 update ... I have a firewall
running 3.9 release and I'd like to know the best
Hans-Joerg Hoexer wrote:
On Thu, Apr 20, 2006 at 02:11:36PM +0100, Constantine A. Murenin wrote:
Hi,
I have an OpenBSD (file-)server at a remote location on the internet
that is around 137ms away from an OS X 10.4 laptop.
Is there a way to securely mount OpenBSD's filesystems from OS X in
On Thu, Apr 20, 2006 at 02:11:36PM +0100, Constantine A. Murenin wrote:
Hi,
I have an OpenBSD (file-)server at a remote location on the internet
that is around 137ms away from an OS X 10.4 laptop.
Is there a way to securely mount OpenBSD's filesystems from OS X in
such a setting?
Heinrich Rebehn wrote:
[EMAIL PROTECTED]@mgEDV.net wrote:
some hints:
- the other switch seems to be cisco, too. (catalyst series, IOS)
- if the trunk contains more lines, check them for physical damage
(maybe 1
fails sometimes, 2 is ok)
- try to setup the cisco-switches for
Hi,
yes, i am running 3.8 -stable, and the backup has a higher advbase than
the master. Nevertheless, my problem doesn't seem to be the vlan
interface itself, it is just a general problem keep the interfaces in
sync, as ryan describes here:
http://www.countersiege.com/doc/ifstated/
so I am
Maybe the installer can stay as is but record the components in the
base system as packages in /var/db/pkg so upgrades later on can be
performed with pkg_add, in smaller portions.
But, I have nothing to complain about the current situation, it works great now.
Doing this, and doing it right will
On Thu, 20 Apr 2006, Lars Weste wrote:
Hi,
yes, i am running 3.8 -stable, and the backup has a higher advbase than
err, for preemption to work, the advskew should be higher on the backup.
At least, that is what carp(4) says.
-Otto
the master. Nevertheless, my problem
Adam PAPAI wrote:
Hutger H. said:
Hello Folks,
I've got a question about OpenBSD 3.9 update ... I have a firewall
running 3.9 release and I'd like to know the best way to keep the
system updated, such as debian does using APT. Any suggestions?
3. Compile your OpenBSD system from
On Thu, Apr 20, 2006 at 05:42:20PM +0200, Otto Moerbeek wrote:
On Thu, 20 Apr 2006, Lars Weste wrote:
Hi,
yes, i am running 3.8 -stable, and the backup has a higher advbase than
err, for preemption to work, the advskew should be higher on the backup.
At least, that is what carp(4)
On Thu, Apr 20, 2006 at 10:43:21AM +0200, Janne Johansson wrote:
Lars Weste wrote:
Hi,
with scrub in all set at the firewall, will openbsd handle icmp packets
of type unreach code needfrag automatically, because of the statefulness?
scrub no-df fixes this, no?
Yes, at the cost of such
On Thu, Apr 20, 2006 at 09:41:11AM +0100, Ashley Moran wrote:
Hi
I've just been through the recent messages on this list and saw something
similar but not exactly the same as what I was planning to implement. We've
just got two new firewalls (now installed with OpenBSD 3.8, which will
On Thu, Apr 20, 2006 at 02:11:36PM +0100, Constantine A. Murenin wrote:
Hi,
I have an OpenBSD (file-)server at a remote location on the internet
that is around 137ms away from an OS X 10.4 laptop.
Is there a way to securely mount OpenBSD's filesystems from OS X in
such a setting?
Is
On Thursday 20 April 2006 12:11, Stuart Henderson wrote:
10.0.0.1 is master of CARP 10.0.0.3 and 10.0.0.2 is master of CARP
10.0.0.4.
Then, use rdr load balancing on the firewall to hit the .3/.4 CARP
addresses, instead of the server addresses.
At first glance this looks like
Good day everyone
Recently, I installed SP1 on some domain controllers and ran into an issue
where Microsoft changed RPC data with SP1 and firewalls such as Microsoft's own
ISA server as well as checkpoint have started to randomly block this data.
They have both offered up a fix for the issue, but
On 4/20/06, Derek Atkins [EMAIL PROTECTED] wrote:
Hi,
Sorry that nobody has responded. Unfortunately I don't know
what to tell you. I'm not sure if this is specific to OpenBSD
or what. You don't mention what version of the gnucash-docs
package you have installed.
Also, the whole help
On Thu, Apr 20, 2006 at 06:45:53PM +0100, Stuart Henderson wrote:
On 2006/04/20 17:47, Ashley Moran wrote:
pf/CARP might be worth a try then. The only issue I have is that it's doing
whole-server load balancing which is no use if just Apache/lighttpd dies.
(I'm more concerned with
On Thu, 20 Apr 2006, James Mackinnon wrote:
Good day everyone
Recently, I installed SP1 on some domain controllers and ran into an issue
where Microsoft changed RPC data with SP1 and firewalls such as Microsoft's own
ISA server as well as checkpoint have started to randomly block this data.
On 4/19/06, Brendan Grossman [EMAIL PROTECTED] wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Arnaud Bergeron
Sent: Wednesday, 19 April 2006 9:57 AM
To: misc@openbsd.org
Cc: Brendan Grossman
Subject: Re: pppoe
On Tue, Apr 18, 2006
On 4/20/06, Joachim Schipper [EMAIL PROTECTED] wrote:
On Thu, Apr 20, 2006 at 02:11:36PM +0100, Constantine A. Murenin wrote:
Hi,
I have an OpenBSD (file-)server at a remote location on the internet
that is around 137ms away from an OS X 10.4 laptop.
Is there a way to securely mount
Dear Misc,
(re-opening an old thread)
I got this card to work using ppp, but the performance is not as good
(higher latency, 100kbps vs 1Mbps) as on Windows and I drop my
connections all the time.
My /etc/ppp is attached in a tarball. Any tips for fixing or
troubleshooting greatly
The raid(4) codebase is old, unmaintained, and known to have issues.
That's one of the reasons it's not in the stock kernel.
-p.
On Thu, 20 Apr 2006, Pedro Martelletto wrote:
The raid(4) codebase is old, unmaintained, and known to have issues.
That's one of the reasons it's not in the stock kernel.
Oh I thought the OpenBSD team was silently discouraging people from the
practice of using software RAID. :}
That
mh i've had the same problem. I don't know if my way is really nice but
ifconfig tunX destroy
has done the job
On Apr 20, 2006, at 8:55 PM, Arnaud Bergeron wrote:
On 4/19/06, Brendan Grossman [EMAIL PROTECTED] wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
The raid(4) codebase is old, unmaintained, and known to have issues.
That's one of the reasons it's not in the stock kernel.
Oh I thought the OpenBSD team was silently discouraging people from the
practice of using software RAID. :}
No. We just wish we had newer and better code. We
On 4/19/06, Chris Cappuccio [EMAIL PROTECTED] wrote:
Kevin [EMAIL PROTECTED] wrote:
Anybody running OpenBSD on a HP DX2000 who can share results?
A cheap microtower Celeron w/PATA, happens to be what the client
has to spare,I'm hoping there are no hidden gotchas.
the chances of a plain
Is there any way to block networks by using a joker in the hostname?
Let's take as example google. Google has many different Networks and such foo.
I found no way to block them all (during reading the PF manpage) using
something simple like *.google.com/de/foo.
Is there any way to do this because
On Fri, 2006-04-21 at 01:52:19 +0200, [EMAIL PROTECTED] proclaimed...
Is there any way to block networks by using a joker in the hostname?
Let's take as example google. Google has many different Networks and such foo.
I found no way to block them all (during reading the PF manpage) using
On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote:
Is it maybe planned to add any joker to PF so that such stuff would be
possible in the future if it isn't already possible?
think about why this is undesirable and practically impossible for
five minutes. (hint: you are confusing DNS names and
On 4/21/06, Damien Miller [EMAIL PROTECTED] wrote:
On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote:
Is it maybe planned to add any joker to PF so that such stuff would be
possible in the future if it isn't already possible?
think about why this is undesirable and practically impossible for
think about why this is undesirable and practically impossible for
five minutes. (hint: you are confusing DNS names and network addresses,
and making incorrect assumptions about how both DNS and pf work).
Well what if *.site.domain meant find all IP addresses mapped to this
domain and
On 4/20/06, Eduardo Alvarenga [EMAIL PROTECTED] wrote:
The patch prevents rc from adding these two lines into the motd file.
What I want is to not show information about the system and *JUST* my
personal motd, for security purposes and to follow the company's
policy.
What security
On 4/21/06, Theo de Raadt [EMAIL PROTECTED] wrote:
think about why this is undesirable and practically impossible for
five minutes. (hint: you are confusing DNS names and network addresses,
and making incorrect assumptions about how both DNS and pf work).
Well what if *.site.domain
On 4/21/06, Nick Guenther [EMAIL PROTECTED] wrote:
You're only blocking it until the next DNS update. Anyway, I'm not
trying to argue the merits of doing it, just trying to understand why
you couldn't.
Ah, well four replies later and I'm wiser. I assumed DNS had a way to
ask for all the
Dear Misc,
I see an occasional problem with amavisd on OpenBSD. It happens to a few
messages, some of the time. They eventually hit the retry count and
bounce, unless I push them through unfiltered.
(host cfilter[10.0.1.20] said: 451-4.5.0 Error in processing,
id=31448-04, spam_scan FAILED: