Hey there,
is is more a request for hiring someone with the experience in setting
up openbsd as a Mailserver with openLDAP and courier. Since we don't
have the time and the resources to set a server up right now I thought I
just ask this way. We are located in Dresden, Germany and looking for
Hi there!
This morning I have had to reinstall my squid-server running
amd64-current from scratch (made a dump error...).
OpenBSD 5.6-current (GENERIC.MP) #394: Wed Oct 1 12:54:54 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
(Full dmesg at the end)
When
Am 10/02/14 um 03:14 schrieb trondd:
Are you rebuilding xombrero from the ports tree or reinstalling an existing
built package?
Is your ports tree from the same snapshot as your installed system?
Yes, of course. I have two sripts to update to the latest snapshots.
First one:
#!/bin/sh
#
Hi,
I have carp setup on two pairs of interfaces on our internal firewalls
that sit between private network and DMZ. The problem is that, for some
unknown reason, from time to time, carp fails over to nat2 (backup), and
does not revert to nat1 (master), until I manually carpdemote nat2.
If I
nat1 will only preempt the nat2 after a fail-over to nat2 if the carp
group and the pfsync group have the same demotion counter.
ifconfig -g carp
ifconfig -g pfsync
So if the failover which is happening for some unknown reason is
affecting the demotion counters in anyway, preemption back to
Thanks to everyone for your help/suggestions. I think that I'm headed in the
right direction.
I still can't seem to force a ping through a particular interface, even when I
have both interfaces as default routes (I've tried both with and without mpath).
If it matters, in both cases I used a
On 02-10-2014 10:11, Jeff wrote:
I still can't seem to force a ping through a particular interface, even when
I
have both interfaces as default routes (I've tried both with and without
mpath).
If it matters, in both cases I used a lower priority (higher #) for our low
speed
metered connection.
On Thu, 02 Oct 2014 10:37:19 +0100
Andy a...@brandwatch.com wrote:
nat1 will only preempt the nat2 after a fail-over to nat2 if the
carp group and the pfsync group have the same demotion counter.
ifconfig -g carp
ifconfig -g pfsync
So if the failover which is happening for some unknown
You have not yet shown the output of ifconfig
Check the advskew values on the interfaces.
When carpdemote values are equal then advskew determines who is MASTER
Hi,
I use a OpenBSD based firewall (version 5.2, I know I should upgrade but ...)
between a 8 host cluster of Linux server and 300 clients which will access this
clutser via VNC. Each server is connected with one gigabit port to a dedicated
switch and the firewall has on each site one gigabit
On Thu, 2 Oct 2014 09:59:10 -0400
Alan McKay alan.mc...@gmail.com wrote:
You have not yet shown the output of ifconfig
Check the advskew values on the interfaces.
When carpdemote values are equal then advskew determines who is MASTER
Hi Alan,
I have posted advskew values in initial
On Thu, Oct 2, 2014 at 11:03 AM, Marko Cupać marko.cu...@mimar.rs wrote:
I have posted advskew values in initial mail (0 on masters, 100 on
backups).
That shows me what they are supposed to be.
That does not show me what they actually are.
ifconfig output will show what they actually are.
Hello Jeff,
Wednesday, October 1, 2014, 12:14:53 PM, you wrote:
J It sounds like ping -I is what I was looking for, but when I use it, it
seems
J to be sending out the packet with the right source address, but sending it to
J the wrong interface.are there any tricks here?
J Here's some
jum...@yahoo.de (Patrick), 2014.10.02 (Thu) 16:32 (CEST):
Hi,
I use a OpenBSD based firewall (version 5.2, I know I should upgrade
but ...) between a 8 host cluster of Linux server and 300 clients
which will access this clutser via VNC. Each server is connected with
one gigabit port to a
On Sat, Sep 27, 2014 at 07:24:52PM +0100, Craig R. Skinner wrote:
On 2014-09-25 Thu 15:18 PM |, Maurice McCarthy wrote:
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
More vulnerabilities in #bashbug: #Shellshock becomes whack-a-mole
for security engineers
Hello Stefan,
just shooting in the dark, do you have a dbus daemon running?
Regards,
Ville
On Oct 2, 2014 12:07 PM, Stefan Wollny stefan.wol...@web.de wrote:
Am 10/02/14 um 03:14 schrieb trondd:
Are you rebuilding xombrero from the ports tree or reinstalling an
existing
built package?
grazzol...@gmail.com (Giancarlo Razzolini), 2014.10.02 (Thu) 15:39 (CEST):
On 02-10-2014 10:11, Jeff wrote:
I still can't seem to force a ping through a particular interface, even when
I
have both interfaces as default routes (I've tried both with and without
mpath).
If it matters, in
On 2014-10-02, Jeff j...@usedmoviefinder.com wrote:
Thanks to everyone for your help/suggestions. I think that I'm headed in the
right direction.
I still can't seem to force a ping through a particular interface, even when I
have both interfaces as default routes (I've tried both with and
Hello Patrick,
On 2 October 2014 17:32, Patrick jum...@yahoo.de wrote:
Hi,
I use a OpenBSD based firewall (version 5.2, I know I should upgrade but ...)
between a 8 host cluster of Linux server and 300 clients which will access
this clutser via VNC. Each server is connected with one
On 2014-10-02, Stefan Wollny stefan.wol...@web.de wrote:
Hi there!
This morning I have had to reinstall my squid-server running
amd64-current from scratch (made a dump error...).
OpenBSD 5.6-current (GENERIC.MP) #394: Wed Oct 1 12:54:54 MDT 2014
On 2014-10-01, Leonardo Santagostini lsantagost...@gmail.com wrote:
Ok, here i go, i downloaded pidgin from original web and sipe from their
web too.
This procedure does not adjust to the procedures folllowed by openbsd but,
its valid to get pidgin / sipe working =)
Not a great idea.
If the
I can't tell if you're actually rebuilding and reinstalling your ports.
What does 'pkg_info | grep gtk' show?
Either the src and ports trees are out of sync or your installed ports are.
On 2014/10/02 17:21, aluc...@phangos.fr wrote:
Or you can use a static route to force reaching the ip from an interface.
Would be more secure than bringing down a working interface just to check if
another one is working ...
I didn't suggest that ;)
This would only be needed to spot the main
Hi
Try setting the advskew to a number greater than 200 and less then 254.
This seems to be the most stable.
For best practice our primary runs with carp and pfsync values of '1'.
And the backup runs with carp and pfsync values of '2'.
We do this for two reasons.
1) it is extremely
PS; I would recommend setting the carpdemote to be a maximum (lowest) of
1, becuase then if something happens to the primary box, and you can't
get into it for some reason, at least you could set the carp demotion
counters on the backup to 0' and remotely preempt your primary.
On 02/10/14
Setup some queues and prioritise your ACK's ;)
The box is fine under the load I'm sure, but you'll still need to
prioritise those TCP acknowledgments to make things snappy when lots of
traffic is going on..
On 02/10/14 17:13, Ville Valkonen wrote:
Hello Patrick,
On 2 October 2014 17:32,
Hi Everyone,
With the addition of a carefully constructed route-to rule I now have all of the
individual pieces working. Now, with some careful plumbing and testing I should
be all set. The final solution will be a combination of ifstated, multipath
routing
(prioritized) and ping -I; thanks to
On 2 Oct 2014 at 18:15, Andy wrote:
Setup some queues and prioritise your ACK's ;)
The box is fine under the load I'm sure, but you'll still need to
prioritise those TCP acknowledgments to make things snappy when lots of
traffic is going on..
All these (otherwise valid) suggestions are
On 02-10-2014 16:12, Jeff wrote:
With the addition of a carefully constructed route-to rule I now have all of
the
individual pieces working. Now, with some careful plumbing and testing I
should
be all set. The final solution will be a combination of ifstated, multipath
routing
(prioritized)
На 02.10.2014 19:18 Remi Locherer remi.loche...@relo.ch написа:
On Tue, Sep 23, 2014 at 06:34:50PM -0500, athom...@athompso.net wrote:
Synopsis: bgpd(8) dies when accepting phessler's spam feed
Category: user
Environment:
System : OpenBSD 5.5
Details : OpenBSD 5.5
On 02-10-2014 17:30, System Administrator wrote:
All these (otherwise valid) suggestions are useless until we know more
about the specific firewall in question -- information best delivered
in the form of dmesg, 'pfctl -si' output and other statistics as
indicated in Ville's response below. I
Or you can use a static route to force reaching the ip from an
interface.
Would be more secure than bringing down a working interface just to
check if another one is working ...
Cheers,
Louis
On 2014-10-02 17:09, Stuart Henderson wrote:
On 2014-10-02, Jeff j...@usedmoviefinder.com wrote:
Hi Andy,
Setup some queues and prioritise your ACK's ;)
Good idea, I will try to implement a Priority Queueing with the old altq.
Best Regards,
Patrick
On Thu, 2 Oct 2014, Andy wrote:
Setup some queues and prioritise your ACK's ;)
The box is fine under the load I'm sure, but you'll still
On Thursday, October 2, 2014 at 4:29 PM, Markus Rosjat wrote:
is is more a request for hiring someone with the experience in setting
up openbsd as a Mailserver with openLDAP and courier.
You can try iRedMail, it's free and open source mail server solution.
With iRedMail, you can setup a
Hi Ville,
$ pfctl -si
Status: Enabled for 597 days 07:40:45Debug: err
Interface Stats for em0 IPv4 IPv6
Bytes In 30397895135138 4212405499
Bytes Out 358299989496464 64
Packets In
Passed
For reasons beyond my control and if I want to continue running my own email
server, I need to
change the MTU size to max of 1476. I ran ifconfig re1 mtu 1476, and this
command took,
ifconfig reported mtu size of 1476.
Re1 is setup using dhcp and I want to know how to make this (mtu size 1476)
I'm pretty sure that any parameter you can pass to ifconfig on the command
line, you can also put into the interface's /etc/hostname.* file. It will
then be set at every boot or anytime the interface is restarted with
netstart.
Tim.
Unless I do not read the man page properly the information is available
there.
NAME
ifconfig — configure network interface parameters
SYNOPSIS
ifconfig[-AaC] [interface] [address_family] [address [dest_address]]
[parameters]
...
and lower you have:
...
The following parameters may be
On 10/03/14 16:27, Daniel Ouellet wrote:
Unless I do not read the man page properly the information is available
there.
NAME
ifconfig — configure network interface parameters
SYNOPSIS
ifconfig[-AaC] [interface] [address_family] [address [dest_address]]
[parameters]
...
and lower you
39 matches
Mail list logo
