Re: pf control with dynamic ip

2007-05-06 Thread Berk D. Demir
Daniel wrote: Hi! My ISP provides me ADSL service with daily changing ip. Still I must somehow control the access to my postgresql server, to only accept connections from my computer. Is it possible to specify a hostname (my hostname, which gets updated at every ip change) in pf.conf and

Re: pf control with dynamic ip

2007-05-06 Thread Berk D. Demir
I need to create a new user on the server which will have the /usr/sbin/authpf as its shell. So now I have user1 (my regular account on that server, with a normal shell) and user1_authpf (the authpf account). But I'm connecting to the user1_authpf account from the same machine that I'm using

Re: Looking for a gigabit cardbus card (and USB 2 card)

2007-03-14 Thread Berk D. Demir
STeve Andre' wrote: I'm trying to find a gigabit card for my A31p Thinkpad. So far I've not gotten too far. The fact that manufacturers change chipsets constantly doesn't make things any easier. from sys/arch/i386/conf/GENERIC re* at cardbus?# Realtek

Re: spamd-white

2007-02-27 Thread Berk D. Demir
Tom Bombadil wrote: Greetings... By any chance, will spamd delete any IPs that I add manually to spamd-white? You won't be playing with spamd-white table except for testing. You should declare your whitelist to spamd.conf white:\ :white:\ :method=file:\

Re: arpresolve: can't allocate llinfo

2007-02-11 Thread Berk D. Demir
Darren Tucker wrote: Index: netinet/if_ether.c === RCS file: /cvs/src/sys/netinet/if_ether.c,v retrieving revision 1.65 diff -u -p -r1.65 if_ether.c --- netinet/if_ether.c 21 Aug 2006 21:36:53 - 1.65 +++

Re: http load balancing with pf (apache access log)

2007-01-29 Thread Berk D. Demir
Marian Hettwer wrote: However, one thing is bothering me. Obviously, my apache access logs on those load balanced machines can only show the IP address of my load balancer, not the real remote ip of the request. This is, to my knowledge, due to the fact that pf(4) is working on the TCP layer

Re: OpenBSD under Parallels Desktop

2007-01-26 Thread Berk D. Demir
Christopher Snell wrote: Hi, Has anybody been able to run OpenBSD 4.0 or newer under Parallels Desktop? Booting the 3.9 media works just fine and I am able to install the OS. Booting 4.0 (or newer snapshots) media results in a lock-up of the VM at the (I)nstall/(U)pgrade prompt. I'd post a

Re: pflogd: Failed to initialize: /dev/bpf0

2006-11-22 Thread Berk D. Demir
Joachim Schipper wrote: On Sun, Nov 19, 2006 at 10:11:36AM +0800, Uwe Dippel wrote: On Sat, 18 Nov 2006 21:07:57 +0100, Joachim Schipper wrote: No clue, but upgrading is a good idea and this is what it looks like on my box: [...] It doesn't look different on mine ... and the upgrade will

Re: strange behaviour of gre(4) tunnel

2006-11-22 Thread Berk D. Demir
Igor Goldenberg wrote: I'm trying to test gre(4) tunnel. Both machines in one LAN. OpenBSD has IP 192.50.51.52, another end - 192.50.51.28. [... cut ...] First of all, use an empirical methodology. Destroy your gre tunnel with ifconfig gre0 down ifconfig gre0 destroy Clear

Re: Bind performance

2006-11-22 Thread Berk D. Demir
Mark Bucciarelli wrote: And when does performance really start to matter for a DNS server? Say I host 500 web sites and 500 email domains with average traffic, for some value of average. Is a limit of 15,000 DNS queries/second ever going to be a problem? If not, when could it become a

Re: Bind performance

2006-11-22 Thread Berk D. Demir
Henning Brauer wrote: err... 15k pps is easily reachable well, not on a soekris perhaps I can't reach that value with a Dell OptiPlex GX280 w/ onboard bge(4) MP kernel, net.inet.ip.ifq.maxlen=250, 4.0 or -current, doesn't matter. Collision count increases monotonically. Stops forwarding

Re: Fast Xorg Performance

2006-10-31 Thread Berk D. Demir
Karsten McMinn wrote: apps are loading in under a second (including firefox) and with the eye candy all turned on. Under 1 second... Even Firefox... I can not achieve similar even with prebind'ed binaries on an Athlon64 3500+ with more than 1GB empty DDR2 memory to scratch. Good for you.

Re: docs for OpenLDAP and cyrus-imapd on OpenBSD?

2006-10-29 Thread Berk D. Demir
Paul Pruett wrote: THAT said, if someone has good documentation links, helpful suggestions, or would not mind filling in the gaps offline - I would appreciate it. If all you want about LDAP is to authenticate your users from LDAP, then Cyrus IMAPd will just do it from sasl interface. Be

Re: Applying patch ?

2006-10-29 Thread Berk D. Demir
Maverick wrote: Hi, I am quite new to OpenBSD. I have downloaded the patches from the OpenBSD website and extracted them. I ran the command to fix the first bug patch 001_sendmail.patch However it is taking more than 15 mins and still staying there. Is there anything wrong with what I have been doing?

Re: NOD32 Antivirus and OpenBSD?

2006-10-27 Thread Berk D. Demir
smith wrote: I second that. Why waste server resources and decrease server security, when all Windows machines should be running their own antivirus software to begin with. That's the difference between border defense and field defense. Running anti-malware software on border machines,

Re: pf load balancing and failover

2006-10-27 Thread Berk D. Demir
Pete Vickers wrote: Hi Berk, I'm really interested in this. I have a load of legacy tcp session based load balancing which I'd love to migrate to an OpenBSD/pf based solution. Do you have a patch which applies cleanly to 4.0 ? /Pete Anyone caring about the patch, please see my recent post

Re: pf load balancing and failover

2006-10-26 Thread Berk D. Demir
Pete Vickers wrote: 1) When using sticky-address in the rdr rules client-server associations are added to the internal Sources table. It is impossible to remove entries for a single backend from this table. If a backend fails and is removed from the rdr destination table this

Re: Intel Server Adapters (NICs) more questions, no answers

2006-10-24 Thread Berk D. Demir
Dag Richards wrote: Makes possible? Erm by magic? Will running that kernel ... well Um I'd like to buy another clue please Vanna. Ok. There you go. src/sys/arch/i386/conf/GENERIC.MP # $OpenBSD: GENERIC.MP,v 1.5 2005/05/01 07:54:42 david Exp $ # # GENERIC.MP - sample

Re: OpenVPN server writes to /etc

2006-10-24 Thread Berk D. Demir
Heinrich Rebehn wrote: Martin Gignac wrote: On 10/23/06, Heinrich Rebehn [EMAIL PROTECTED] wrote: Shouldn't openvpn write to /var/db or /var/log? I don't know if these locations can be hardcoded at compile time, but from the stock OpenBSD OpenVPN package that I use (2.0.6) it seems that

Re: Intel Server Adapters (NICs)

2006-10-23 Thread Berk D. Demir
Sylwester S. Biernacki wrote: Hello, about a month ago I wrote I'm glad about em(4) driver which works pretty well on few of my boxes. However I need to change my opinion... after what I saw today in the lab: [ ... cut ... ] I wanted to reply relevant sections but your message is quite

Re: Intel Server Adapters (NICs)

2006-10-23 Thread Berk D. Demir
Per-Olov Sjöholm wrote: I have read that people have tested with *very* high load with success... I am not the best expert but you don't say anything about the OpenBSD config. At high load you probably have to change net.inet.ip.ifq.maxlen, kern.maxclusters, net.inet.tcp.recvspace,

Re: problems using HFSC with pf

2006-10-12 Thread Berk D. Demir
S t i n g r a y wrote: pfctl: the sum of the child bandwidth higher than parent root_fxp0 pfctl: linkshare sc exceeds parent's sc [... cut ...] altq on $extif hfsc bandwidth 512Kb queue { www, msn, https, smtp, def } queue www bandwidth 20% queue msn bandwidth 20% queue https bandwidth 20%

Re: Dell PowerEdge 1950 compat

2006-10-12 Thread Berk D. Demir
Alejandro Lozanoff wrote: Hello list, Following the search for supported hardware for our OpenBSD servers... Has anyone tried OpenBSD on any of these machines? I guess it should work on 4.0, i see that mfi(4) supports the Dell SAS controllers that this model use. Just wondering if anyone

Re: Xen?

2006-09-29 Thread Berk D. Demir
Joachim Schipper wrote: I haven't seen code for Xen integration come by at source-changes, so I presume so. Host support may be further off. BTW. With Xen 3.0, if you have an Intel VTx enabled CPU (e.g. Pentium D930) it's possible to run unmodified (legacy in Xen terminology) operating

Re: Xen?

2006-09-29 Thread Berk D. Demir
carlopmart wrote: One question: will be possible to install OpenBSD 4.0 as a domU under a redhat/debian Xen based server??? Has nothing to do with OpenBSD version. Virtualization layer is mostly managed by CPU (CPUs w/ Intel VT Extensions or AMD's SVM extensions) Have a look at

Re: Xen?

2006-09-29 Thread Berk D. Demir
carlopmart wrote: Sorry, I would like to say para-virtualized. I test it 4.0 beta under VT hardware and works pretty well. Then the answer is no. Xen port of OpenBSD is in an experimental stage AFAIK. There's a mercurial repo. at http://hg.recoil.org/openbsd-xen-sys.hg It seems pretty active.

Re: Serial ATA raid

2006-09-29 Thread Berk D. Demir
Joachim Schipper wrote: I understand LSI comes highly recommended by people who should know. Intel SRCS16 and LSI MegaRAID SATA controllers both attached by ami(4) driver. LSI is known to produce above the average equipment so they can be desired. OTOH, Intel is not just another

Re: Webalizer packages for AMD64 is corrupted

2006-06-26 Thread Berk D. Demir
# pkg_add webalizer Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/amd64/: Unknown command. Can't install gd-2.0.33p2: lib not found fontconfig.3.0 Even by looking in the dependency tree: jpeg-6bp3, libiconv-1.9.2p1, png-1.2.8 Maybe it's in a dependent package, but not tagged

Re: Webalizer packages for AMD64 is corrupted

2006-06-26 Thread Berk D. Demir
So, I must have something else messed up then: # /usr/local/bin/webalizer -c /var/www/sites/webalizer/test.conf /usr/local/bin/webalizer: can't load library 'libfreetype.so.13.1' # ls -al /usr/X11R6/lib/libfreetype.so.13.1 -rw-r--r-- 1 root wheel 647408 Mar 10 13:55

Re: GA-8S661FXM-775 Rev.1 P4 motherboard cannot reboot or halt

2006-06-25 Thread Berk D. Demir
Soner Tari wrote: What could be the reason? ACPI? PCI interrupt routing warning in dmesg? Hardware support? Any links? Any ideas please... Did you try with an ACPI enabled kernel? Defining ACPI_DEBUG (sys/dev/acpi/acpivar.h) will be needed. Even the default acpi_debug value is 11, I'm not

Re: ISAKMP and Public Key Infrastructure

2006-06-24 Thread Berk D. Demir
Supported methods per isakmpd(8): 1. Passphrase 2. Host Keys 3. X509 Certificates 4. Keynote Certificates In fact Keynote Certificates is a bit ambiguous. KeyNote uses X.509 certificates and other alternatives to make decisions. I know nothing about Keynote so I'm not sure if it can be used in

Re: [patch] Option to ping(8) to return 0 after receiving first echo-reply

2006-06-23 Thread Berk D. Demir
Nickolay A Burkov wrote: Hi, @misc! Here is a very simple hack to ping. It isn't pretend to something, hope it will be useful for anybody as endless host checking in scripts. % ping -Q example.com echo 'abc' /dev/speaker # etc.. what is wrong with ping -q -c 1 example.com

Re: [patch] Option to ping(8) to return 0 after receiving first echo-reply

2006-06-23 Thread Berk D. Demir
What's wrong with your example is that it doesn't do anything even resembling what he wants. Sending a single echo request is not the same as sending echo requests for as long as it takes to get a response, and then exiting successfully. He even gave you an example of how one would use

Re: What is the problem with sticky-address and round-robin?

2006-06-19 Thread Berk D. Demir
Giancarlo Razzolini [EMAIL PROTECTED] wrote: Hi all, [.. cut ..] Then, when I put the sticky-address in the main firewall, strange things happened. The source-tracking states were created, but the machines, sometimes, were directed to the other link, not the one in the source-track.

Re: What is the problem with sticky-address and round-robin?

2006-06-19 Thread Berk D. Demir
Then you might tell me why, even with a source track entry set directing traffic from one internal ip to one specific gateway, the packets sometimes are redirected to the other gateway? Because source tracking entries live with state entries. As soon as the state between the peers expire,

Re: Default PF policy

2006-06-11 Thread Berk D. Demir
Joco Salvatti wrote: [ ... cut ... ] But I'm facing a lot of problems due to this, because I have to specify packets that should pass through my internal and external interfaces. I'd like any ideas or tips from PF gurus about how to improve my firewall policies. I have an idea: allow everything