binding ftpd

2006-07-03 Thread Lawrence Horvath
Is there any way at all to bind ftpd to a single IP? I would like to keep ftpd running on one IP of my server while I set up and play with proftpd on another IP. The man page for ftpd says nothing about being able to bind, but is there any other way? Jerry-rig it, if you will. Thanks -- -Lawrence

Re: binding ftpd

2006-07-03 Thread Philip Guenther
On 7/3/06, Lawrence Horvath [EMAIL PROTECTED] wrote: Is there any way at all to bind ftpd to a single IP? I would like to keep ftpd running on one IP of my server while I set up and play with proftpd on another IP. The man page for ftpd says nothing about being able to bind, but is there any other

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread laurent FANIS
Greetings Couldn't resist asking but can they really patent : sending formatted data over SSL ? That is just plain ridiculous !! If I remember correctly there is also an RFC just for syslog under BSD. A lot of devices already have syslog built in (for instance my AP piece of crap USR has a syslog

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread J.C. Roberts
On Sun, 02 Jul 2006 22:09:02 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: Don't misunderstand me, CARP is an amazingly innovative and extremely useful implementation of a redundancy protocol. It's technically better than HSRP or any of the versions of VRRP but the problem still stands that

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Theo de Raadt
I'm a bit confused by your reply. Yes, I kind of see what you mean but it also seems I failed miserably to write things clearly. By putting Official in quotes, I was trying to point out the stupidity of the bad corporate decisions that occur far too often. There are countless corporate

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Clint Pachl
J.C. Roberts wrote: Don't misunderstand me, CARP is an amazingly innovative and extremely useful implementation of a redundancy protocol. It's technically better than HSRP or any of the versions of VRRP but the problem still stands that it is not an official protocol, which simply means adoption

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread J.C. Roberts
On Mon, 3 Jul 2006 09:40:01 +0300, laurent FANIS [EMAIL PROTECTED] wrote: Couldn't resist asking but can they really patent : sending formatted data over SSL ? That is just plain ridiculous !! As far as I know, at the moment it's only a patent *application* rather than a granted patent. You can

IPSec unspec transport

2006-07-03 Thread Massimo Lusetti
I got a VPN network which works quite well, I mean works very well thanks to OpenBSD and its implementation, but I got one end point over the 6 running which is causing me troubles. The configuration is done with ipsec.conf and is identical to others which work well. Here some example config: ike

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread J.C. Roberts
On Mon, 03 Jul 2006 01:14:59 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: I'm a bit confused by your reply. Yes, I kind of see what you mean but it also seems I failed miserably to write things clearly. By putting Official in quotes, I was trying to point out the stupidity of the bad

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread laurent FANIS
On 7/3/06, J. C. Roberts [EMAIL PROTECTED] wrote: On Mon, 3 Jul 2006 09:40:01 +0300, laurent FANIS [EMAIL PROTECTED] wrote: Couldn't resist asking but can they really patent : sending formatted data over SSL ? That is just plain ridiculous !! As far as I know, at the moment it's only a patent

Re: IPSec unspec transport

2006-07-03 Thread Clint Pachl
Massimo Lusetti wrote: I got a VPN network which works quite well, I mean works very well thanks to OpenBSD and its implementation, but I got one end point over the 6 running which is causing me troubles. The configuration is done with ipsec.conf and is identical to others which work well. Here

inetd on by default

2006-07-03 Thread coolzone
Hi Here we go again, why is inetd on by default? I am very sorry to ask this question! My guess is that it has been asked a thousand times. I did look in the archives and on google, trying to find a clear answer but I must have missed it. The note on the inetd.conf file, which states, that it is

Re: starting Apache in SSL mode

2006-07-03 Thread Joachim Schipper
On Sun, Jul 02, 2006 at 10:32:12PM +0200, FTP wrote: On Tue, Jun 27, 2006 at 05:03:52PM +0200, FTP wrote: when I try to access the site via lynx I do get an SSL error message moaning that I have a self-signed cert. After accepting this, the page gets displayed. So it looks like the problem

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Martin Schröder
2006/7/3, laurent FANIS [EMAIL PROTECTED]: Yeah that is true i didn't see it but wouldn't be possible to buy off people ?I mean the company is in china and it is a country that has a certain degree of corruption.This is what i'm afraid of too. You are right to a degree (the patent will surely

Re: Encryption and Compression with ipsecctl?

2006-07-03 Thread Markus Friedl
1. IPcomp is only used if it results in smaller packets 2. IPcomp on OpenBSD is broken and does not work correctly (some packets are not compressed correctly). -m

Re: IPSec unspec transport

2006-07-03 Thread Massimo Lusetti
On Mon, 2006-07-03 at 00:51 -0700, Clint Pachl wrote: Are both end points trying to negotiate? Try using the passive keyword on one endpoint: ike passive esp ... Yes both active. Should that cause problems? I have experienced the same issue. I don't know the details of what exactly

Re: Boost OpenBSD security - Zophie for 3.9

2006-07-03 Thread Marcin Wilk
At 07:18 2006-07-03, you wrote: On 7/2/06, Marcin Wilk [EMAIL PROTECTED] wrote: At 22:35 2006-07-02, you wrote: On Sun, Jul 02, 2006 at 12:20:49PM -0700, Greg Thomas wrote: On 7/2/06, Tobias Ulmer [EMAIL PROTECTED] wrote: On Sun, Jul 02, 2006 at 03:13:59PM +0200, Tomasz Zielinski wrote:

Re: IPSec unspec transport

2006-07-03 Thread Clint Pachl
Massimo Lusetti wrote: On Mon, 2006-07-03 at 00:51 -0700, Clint Pachl wrote: Are both end points trying to negotiate? Try using the passive keyword on one endpoint: ike passive esp ... Yes both active. Should that cause problems? Here is what I have noticed while watching tcpdump:

Re: inetd on by default

2006-07-03 Thread Otto Moerbeek
On Mon, 3 Jul 2006, [EMAIL PROTECTED] wrote: Hi Here we go again, why is inetd on by default? I am very sorry to ask this question! My guess is that it has been asked a thousand times. I did look in the archives and on google, trying to find a clear answer but I must have missed it.

ftp-proxy does not work in secure level 2

2006-07-03 Thread c.s.r.c.murthy
Hi, We have configured a firewall with pf on openbsd-3.9. It is found that ftp-proxy is unable to operate when system is put in secure level 2. This is due to the fact that ftp-proxy can't add/delete rules in pf in secure level 2. But for security reasons we would like to have the system

Re: Boost OpenBSD security - Zophie for 3.9

2006-07-03 Thread Gillles Chehade
On Mon, 03 Jul 2006 12:47:40 +0200 Marcin Wilk [EMAIL PROTECTED] wrote: Do I understand correctly I could just cvs co usr/bin/who and use the official who and see who is online? Yes because only process privacy is done in kernel. What's the point ?

kernel settings for pf default block

2006-07-03 Thread c.s.r.c.murthy
Hi, This seems to be widely discussed problem in openbsd pf. There is no kernel parameter that makes the pf to block all packets by default. I have searched on the internet and found some discussion taken place in 2005 regarding this. The discussion concludes no such parameter in kernel.

kernel settings for pf default block

2006-07-03 Thread Alexey E. Suslikov
This seems to be widely discussed problem in openbsd pf. There is no kernel parameter that makes the pf to block all packets by default. I have searched on the internet and found some discussion taken place in 2005 regarding this. The discussion concludes no such parameter in kernel. Are

Re: 3.9 freeze

2006-07-03 Thread Pedro Martelletto
Can you break into ddb? -p.

Re: 3.9 freeze

2006-07-03 Thread diego
no, I can only ping the server or change tty (ctrl alt fn), but I can't type anything. - Original Message - From: Pedro Martelletto [EMAIL PROTECTED] To: diego [EMAIL PROTECTED] Cc: misc@openbsd.org Sent: Monday, July 03, 2006 9:34 AM Subject: Re: 3.9 freeze Can you break into

Re: 3.9 freeze

2006-07-03 Thread mickey
On Mon, Jul 03, 2006 at 09:45:22AM -0300, diego wrote: no, I can only ping the server or change tty (ctrl alt fn), but I can't type anything. you should sysctl ddb.console=1 for that to work... - Original Message - From: Pedro Martelletto [EMAIL PROTECTED] To: diego [EMAIL

Re: starting Apache in SSL mode

2006-07-03 Thread FTP
On Mon, Jul 03, 2006 at 10:47:04AM +0200, Joachim Schipper wrote: On Sun, Jul 02, 2006 at 10:32:12PM +0200, FTP wrote: On Tue, Jun 27, 2006 at 05:03:52PM +0200, FTP wrote: when I try to access the site via lynx I do get an SSL error message moaning that I have a self-signed cert. After

[OpenBGPd] Can a nexthop be set on routes announced as my network ?

2006-07-03 Thread Andrea Cocito
Hi, after googling, rereading the manuals and lurking into the code I really could not find a way to do this, unless I am missing something really simple! I have two BGP routers on a small subnet where they peer with a transit provider, the two routers have a carp shared IP as well, thus each

Re: [OpenBGPd] Can a nexthop be set on routes announced as my network ?

2006-07-03 Thread Claudio Jeker
On Mon, Jul 03, 2006 at 03:58:13PM +0200, Andrea Cocito wrote: Hi, after googling, rereading the manuals and lurking into the code I really could not find a way to do this, unless I am missing something really simple! I have two BGP routers on a small subnet where they peer with a

Re: ftp-proxy does not work in secure level 2

2006-07-03 Thread Camiel Dobbelaar
On Mon, 3 Jul 2006, c.s.r.c.murthy wrote: We have configured a firewall with pf on openbsd-3.9. It is found that ftp-proxy is unable to operate when system is put in secure level 2. This is due to the fact that ftp-proxy can't add/delete rules in pf in secure level 2. But for security

Re: Reading a file that is been written make the system freeze?

2006-07-03 Thread Federico Giannici
Federico Giannici wrote: Pedro Martelletto wrote: On Thu, Jun 22, 2006 at 03:25:41PM +0200, Federico Giannici wrote: Yesterday another PC freezed! It just crashed again! did it freeze or did it crash? I wrote it into the first email: it freezes with no error at all, no network, only

Re: carp with hosts in different vlans

2006-07-03 Thread Sebastian Reitenbach
Hi, sorry for late reply, unfortunately I was a bit off... On 2006/06/23 12:53, Sebastian Reitenbach wrote: Both hosts are in different VLAN's. to reach each other I have to set a host route via the default gateway to reach the other system. You need to be able to multicast between them

Re: ftp-proxy does not work in secure level 2

2006-07-03 Thread Joachim Schipper
On Mon, Jul 03, 2006 at 05:25:31PM -0700, c.s.r.c.murthy wrote: Hi, We have configured a firewall with pf on openbsd-3.9. It is found that ftp-proxy is unable to operate when system is put in secure level 2. This is due to the fact that ftp-proxy can't add/delete rules in pf in secure

Re: kernel settings for pf default block

2006-07-03 Thread Joachim Schipper
On Mon, Jul 03, 2006 at 05:30:44PM -0700, c.s.r.c.murthy wrote: Hi, This seems to be widely discussed problem in openbsd pf. There is no kernel parameter that makes the pf to block all packets by default. I have searched on the internet and found some discussion taken place in 2005

Re: 3.9 freeze

2006-07-03 Thread diego
no... - Original Message - From: vladas [EMAIL PROTECTED] To: diego [EMAIL PROTECTED] Sent: Monday, July 03, 2006 10:00 AM Subject: Re: 3.9 freeze On 03/07/06, diego [EMAIL PROTECTED] wrote: no, I can only ping the server or change tty (ctrl alt fn), but I can't type anything.

openwebmail with chrooted apache

2006-07-03 Thread FTP
I installed openwebmail from the ports and when trying to launch: http://your_server/cgi-bin/openwebmail/openwebmail.pl I get a 500 error. I suppose that this is due to the chrooted apache but how do I find the dependencies for a perl script? Thanks George

Re: 3.9 freeze

2006-07-03 Thread diego
ok, I have the server on datacenter, when freeze I will try it. - Original Message - From: mickey [EMAIL PROTECTED] To: diego [EMAIL PROTECTED] Cc: Pedro Martelletto [EMAIL PROTECTED]; misc@openbsd.org Sent: Monday, July 03, 2006 9:52 AM Subject: Re: 3.9 freeze On Mon, Jul 03, 2006

Re: News From HiFn

2006-07-03 Thread Jack J. Woehr
On Jun 30, 2006, at 7:11 PM, Theo de Raadt wrote: Why should we bleed our little hearts over a company who acted like assholes towards us for years, and only changed their policy due to public pressure? Because behavior modification requires rewarding in some fashion desired behavior?

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] useful implementation of a redundancy protocol. It's technically better than HSRP or any of the versions of VRRP but the problem still stands that it is not an official protocol, which simply means adoption and interoperability will suffer to some degree.

Re: openwebmail with chrooted apache

2006-07-03 Thread Nick Holland
FTP wrote: I installed openwebmail from the ports and when trying to launch: http://your_server/cgi-bin/openwebmail/openwebmail.pl I get a 500 error. I suppose that this is due to the chrooted apache but how do I find the dependencies for a perl script? 1) you think really hard about what a

Re: openwebmail with chrooted apache

2006-07-03 Thread Stuart Henderson
On 2006/07/03 13:52, Nick Holland wrote: (contrast this to Squirrelmail, which does (amazingly) run in a chroot Same for Hastymail and Roundcube. I guess it's not too much of a stretch with IMP either (though I haven't actually used IMP recently enough to have checked chroot).

Re: openwebmail with chrooted apache

2006-07-03 Thread Sigfred Håversen
Stuart Henderson wrote: On 2006/07/03 13:52, Nick Holland wrote: (contrast this to Squirrelmail, which does (amazingly) run in a chroot Same for Hastymail and Roundcube. I guess it's not too much of a stretch with IMP either (though I haven't actually used IMP recently enough to have

FTP / local logins and KerberosV

2006-07-03 Thread Spruell, Darren-Perot
One question regarding Kerberos authentication in ftpd is whether the daemon supports only password authentication against the kerberos database, or if it can support authentication using a service ticket from a user who has already gotten a TGT (passwordless login). Also, what (if any)

set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
Is there a special reason why we couldn't see the set skip on interface in the display of the rules in pf with the regular: pfctl -sr That's on 3.9.

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Henning Brauer
* Daniel Ouellet [EMAIL PROTECTED] [2006-07-03 21:44]: Is there a special reason why we couldn't see the set skip on interface in the display of the rules in pf with the regular: pfctl -sr it is not a rule. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail

Network slowdown (DLINK DGE-530T card maxing out at 17.3Mb/sec) P4 2.4 512M ram 424M free

2006-07-03 Thread Ben
Really odd problem here: I've set up a fairly simple firewall utilizing dual DGE-530T gigabit cards. Isolating a windows rack from the rest of campus. Note that testing the speed from a 100Mb linux host in the same office (plugged into the same router as the firewall but of course outside the

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] Is there a special reason why we couldn't see the set skip on interface in the display of the rules in pf with the regular: pfctl -sr If this was to be implemented, it might be more appropriate to show in the runtime state (pfctl -si) than the rule output. DS

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
it is not a rule. OK, not a rule, but still shouldn't it be possible or useful to see that in effect? If you make changes for testing or what not and you use this temporary, etc on a box of 10+ interfaces, just my thinking, but I was expecting to see this in display of how the pf was

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Nick Guenther
On 7/3/06, Daniel Ouellet [EMAIL PROTECTED] wrote: it is not a rule. OK, not a rule, but still shouldn't it be possible or useful to see that in effect? If you make changes for testing or what not and you use this temporary, etc on a box of 10+ interfaces, just my thinking, but I was expecting

Re: openwebmail with chrooted apache

2006-07-03 Thread FTP
On Mon, Jul 03, 2006 at 08:49:03PM +0200, Sigfred Heversen wrote: Stuart Henderson wrote: On 2006/07/03 13:52, Nick Holland wrote: (contrast this to Squirrelmail, which does (amazingly) run in a chroot Same for Hastymail and Roundcube. I guess it's not too much of a stretch with IMP

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Stuart Henderson
On 2006/07/03 16:26, Nick Guenther wrote: I don't know a lot about the architecture of pf (I plan to learn soon though) so maybe this is completely stupid, but I suggest adding modes for `pfctl -s` to match everything listed in pf.conf(5). `-s config' to produce a usable pf.conf from in-memory

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
If this was to be implemented, it might be more appropriate to show in the runtime state (pfctl -si) than the rule output. I don't know. May be may be not. But I got cut with this. I had a sysadmin do changes in a pretty big multi interface box and he use the set skip to test new rules on

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
Indeed it does, but not by hacking up `-s rules`. pfctl(8) lists all the various things you can display with -s. 'options' (as per pf.conf(5)) do not seem to be among them, however, which I agree is unfortunate. It also doesn't help that the manpage say, next to, -s Rule: Note that the ``skip

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Chris Cappuccio
J.C. Roberts [EMAIL PROTECTED] wrote: This sucks. It's no different than what Cisco did with their HSRP patent to try to kill off VRRP. The Huawei IPR claim to the IETF is nearly identical to the crap Cisco put out years ago in their IPR claim. It's funny how these Chinese guys like to

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Giancarlo Razzolini
Daniel Ouellet wrote: If this was to be implemented, it might be more appropriate to show in the runtime state (pfctl -si) than the rule output. I don't know. May be may be not. But I got cut with this. I had a sysadmin do changes in a pretty big multi interface box and he use the set skip

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Daniel Ouellet
set skip on interface in the display of the rules in pf with the regular: pfctl -sr it is not a rule. I guess one could argue that: set block-policy option is not a rule either, but it does show up however: Example 1: In pf.conf snip set block-policy return block all snip pfctl -sr snip

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Clint Pachl
Henning Brauer wrote: * Daniel Ouellet [EMAIL PROTECTED] [2006-07-03 21:44]: Is there a special reason why we couldn't see the set skip on interface in the display of the rules in pf with the regular: pfctl -sr it is not a rule. It is an option. Would it be beneficial to add an Options

Preventing password reuse

2006-07-03 Thread Jeff Simmons
A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either within the OS or via a program in ports? I've been looking for quite a while and haven't found anything. --

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Nick Guenther
On 7/3/06, Giancarlo Razzolini [EMAIL PROTECTED] wrote: pfctl -sI -vv shows you if an interface is skipped or not. My 2 cents, -w is not documented in pfctl(8). What does it do? On 7/3/06, Clint Pachl [EMAIL PROTECTED] wrote: Henning Brauer wrote: * Daniel Ouellet [EMAIL PROTECTED]

Re: openwebmail with chrooted apache

2006-07-03 Thread Nick Holland
FTP wrote: On Mon, Jul 03, 2006 at 08:49:03PM +0200, Sigfred Heversen wrote: Stuart Henderson wrote: On 2006/07/03 13:52, Nick Holland wrote: (contrast this to Squirrelmail, which does (amazingly) run in a chroot Same for Hastymail and Roundcube. I guess it's not too much of a stretch

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Giancarlo Razzolini
Nick Guenther wrote: -w is not documented in pfctl(8). What does it do? It is not -w it is -v that stands for -v(erbose). If you use it twice (-vv) it increase the verbose level. It is in the pfctl man page. My regards, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread NetNeanderthal
On 7/3/06, Nick Guenther [EMAIL PROTECTED] wrote: On 7/3/06, Giancarlo Razzolini [EMAIL PROTECTED] wrote: pfctl -sI -vv shows you if an interface is skipped or not. -w is not documented in pfctl(8). What does it do? It most certainly is. Try -vv ('v' 'v', as in 'victor' 'victor'), avoid

Re: openwebmail with chrooted apache

2006-07-03 Thread Stuart Henderson
On 2006/07/03 18:25, Nick Holland wrote: OpenWebmail is very charming because of how very little it needs to bring into base OpenBSD to get working. I set it up for a school of about 200 students on a PII-450, worked well (once I set up MASSIVE amounts of swap space...having 25 students

Re: Preventing password reuse

2006-07-03 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either within the OS or via a program in ports? I've been looking for quite a

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Henning Brauer
* Nick Guenther [EMAIL PROTECTED] [2006-07-03 22:35]: unfortunate. It also doesn't help that the manpage say, next to, -s Rule: Note that the ``skip step'' optimization done automatically by the kernel will skip evaluation of rules where possible. which seems to imply that `-s rules` has

Re: Preventing password reuse

2006-07-03 Thread Jeff Simmons
On Monday 03 July 2006 16:19, Spruell, Darren-Perot wrote: I mention http://www.mindrot.org/passwdqc.html not because I know it can do what you're looking for but because it can offer a few steps up in password quality which may also be in your policy. Yes, it does everything I need very

Re: carp with hosts in different vlans

2006-07-03 Thread Ryan McBride
On Mon, Jul 03, 2006 at 04:58:09PM +0200, Sebastian Reitenbach wrote: I can setup a tunnel between both hosts, and route the multicast packets through the tunnel and then have the IP address shared between the two hosts? No. CARP does not accept packets that have crossed a router, to prevent

Re: set skip on interface rule doesn't show up in pfctl -sr

2006-07-03 Thread Giancarlo Razzolini
Henning Brauer wrote: skip steps and set skip have nothing to do with each other. set skip basically disables pf on a per-interface basis. skip steps is an optimization in rule processing you can safely ignore. it Just Works in the background and saves you CPU cycles :) It does not have much

Re: Preventing password reuse

2006-07-03 Thread STeve Andre'
On Monday 03 July 2006 17:37, Jeff Simmons wrote: A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either within the OS or via a program in ports? I've been

Re: Preventing password reuse

2006-07-03 Thread Chris Zakelj
STeve Andre' wrote: On Monday 03 July 2006 17:37, Jeff Simmons wrote: A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either within the OS or via a program in

Re: Preventing password reuse

2006-07-03 Thread Jeff Simmons
On Monday 03 July 2006 17:51, STeve Andre' wrote: On Monday 03 July 2006 17:37, Jeff Simmons wrote: A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either

Re: Preventing password reuse

2006-07-03 Thread Marcus Watts
Chris Zakelj [EMAIL PROTECTED] writes: Date: Mon, 03 Jul 2006 21:09:32 -0400 From: Chris Zakelj [EMAIL PROTECTED] To: STeve Andre' [EMAIL PROTECTED] CC: misc@openbsd.org Subject: Re: Preventing password reuse STeve Andre' wrote: On Monday 03 July 2006 17:37, Jeff Simmons wrote: A

Re: Wireless Bridge...

2006-07-03 Thread pedro la peu
On Monday 03 July 2006 23:29, Novak, Trevor SCIC wrote: I'm trying to setup a wireless bridge with openbsd on a Toshiba laptop. I'm using an SMC2532W-B (Prism 2.5) wireless card and a 3Com 3C574-TX. Is the wi(4) in hostap mode? If not you cannot bridge...

Re: Patent jeopardizes IETF syslog standard

2006-07-03 Thread Lars Hansson
On Tuesday 04 July 2006 05:05, Chris Cappuccio wrote: Either way, this makes them look like the biggest fucking idiots ever. Most people who have ever had to use any of their devices knew this already. --- Lars Hansson

Re: Preventing password reuse

2006-07-03 Thread Damien Miller
On Mon, 3 Jul 2006, Spruell, Darren-Perot wrote: From: [EMAIL PROTECTED] A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either within the OS or via

Re: starting Apache in SSL mode

2006-07-03 Thread L. V. Lammert
On Sun, 2 Jul 2006, FTP wrote: On Tue, Jun 27, 2006 at 05:03:52PM +0200, FTP wrote: any chance to draw some attention to the above? Thanks Certificates have nothing to do with Apache, much less OpenBSD. If you want a signed certificate, you must create your own CA, or purchase a

Re: Preventing password reuse

2006-07-03 Thread Chet Uber
On Monday 03 July 2006 17:37, Jeff Simmons wrote: A client is setting up a password policy, and would like to prevent users from reusing a password for a period of time (four changes ninety days apart). Is there a way to do this, either within the OS or via a program in ports? I've been

Re: starting Apache in SSL mode

2006-07-03 Thread Michael Erdely
L. V. Lammert wrote: Certificates have nothing to do with Apache, much less OpenBSD. If you want a signed certificate, you must create your own CA, or purchase a publicly-signed cert from Verisign, Equifax, Thawte, et al. That may be true, but mentioning man 8 ssl and referencing GENERATING

Re: Preventing password reuse

2006-07-03 Thread L. V. Lammert
On Mon, 3 Jul 2006, STeve Andre' wrote: On Monday 03 July 2006 17:37, Jeff Simmons wrote: I can't resist pointing out that this is an AWFUL policy. You will be remembering people's passwords, a history of them, which are very likely to be used on other systems. That's really bad. I wonder

Re: Preventing password reuse

2006-07-03 Thread Chet Uber
I can't resist pointing out that this is an AWFUL policy. You will be remembering people's passwords, a history of them, which are very likely to be used on other systems. That's really bad. I wonder (at least in the USA) what would happen to your company if that data was ever stolen? --STeve

Re: Preventing password reuse

2006-07-03 Thread Jeff Simmons
Well, just to play the devil's advocate here ... One of the main functions of any password hygiene program 'should' be to prevent users from changing 'mypassword1' to 'mypassword2' and then 'mypassword3', etc. (Yes, we can force complex passwords, but the idea is the same.) It's fairly

Re: Preventing password reuse

2006-07-03 Thread Paul de Weerd
On Tue, Jul 04, 2006 at 02:15:09PM +1000, Rod.. Whitworth wrote: | Ahhh, .. that's what hashes are for; easily recreatable given duplicate | input strings, but creating the input string FROM the hash is just about | impossible [lacking near infinite resources]. | | Storing hashes in a DB is just