Re: PF and Binat

2008-07-15 Thread Brian Keefer
On Jul 14, 2008, at 10:28 PM, Parvinder Bhasin wrote: On Jul 14, 2008, at 10:00 PM, Ryan McBride wrote: On Mon, Jul 14, 2008 at 09:48:22PM -0700, Parvinder Bhasin wrote: snip what gives? Oh, I missed this before: pass in on $ext_if proto tcp from any to 75.36.44.22 port 80 pass in on

sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
Am I reading this right? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80&content-type=text/x-cvsweb-markup I don't have a fresh install anywhere -- but I want to say that it doesn't default to PermitRootLogin yes after the install. I remember that I filed PRs with

Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
On Thu, 10 Jul 2008, Brynet wrote: The keyword here is *default*. Say you installed OpenBSD on a soekris, it's nice having root enabled temporarily. That way you can login at a later time, create a lesser privileged account, On Soekris, does the first boot console access not function

Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
afterboot(8) covers this Works for me, I guess. =/ ~BAS http://www.openbsd.org/cgi-bin/man.cgi?query=afterboot&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
the rationale why the rest of the projects changed it. ~~BAS On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote: Am I reading this right? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80&content-type=text/x-cvsweb-markup I don't have a fresh install

Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
types worry because they don't really understand security. On Thu, Jul 10, 2008 at 01:38:22PM -0400, Brian A. Seklecki wrote: On Thu, 10 Jul 2008, Marco Peereboom wrote: Of course it is enabled by default. Why do I want a box that is freshly installed and unreachable? No -- I just find

Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

2008-07-09 Thread Brian
then quick fixes that break a year later. Anybody else remember the nvidia close driver issue that Theo had foreseen years before it happened? Trust these guys. They will deliver. Brian

Re: pf log question

2008-06-24 Thread Brian Keefer
Make sure you're setting a state. I had the same problem with gmail, and then I realized that I had accidentally preempted the rule which was setting state on my DMZ interface. Once I fixed that I didn't have any more problems. -- chort On Jun 24, 2008, at 10:56 AM, Monah Baki wrote:

Re: snmpd

2008-06-14 Thread Brian A. Seklecki
.30155.2 Or more importantly, are HOST-RESOURCES-MIB and UCD-DISKIO-MIB supported? Also, PF-MIB. ~BAS I guess this means HOST-RESOURCES-MIB::hrStorageTable and UCD-DISKIO-MIB::diskIOTable are not loaded? How can I load them? Tnx in advance, Tim - Original Message From: Brian

Re: Problem Compiling xenocara

2008-05-13 Thread Brian
step. Brian

Problem Compiling xenocara

2008-05-12 Thread Brian
in /usr/src/xenocara and /usr/xenocara? Thanks, Brian

Re: nagios monitoring of a remote openntp service

2008-05-08 Thread Brian A. Seklecki
; [EMAIL PROTECTED]:12$ /usr/local/libexec/nagios/check_ntp_time -H ntp NTP OK: Offset -0.002711469308 secs|offset=-0.002711s; 60.00;120.00; so, it can work. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

Re: snmpd

2008-05-08 Thread Brian A. Seklecki
at the top of my priority list. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

Re: Simple OBSD/Samba sharing/restart question

2008-04-06 Thread Brian A. Seklecki (Mobile)
On Mon, 2008-03-31 at 12:36 -0400, Dan Brosemer wrote: But should you need to stop and start it, just kill off the [sn]mbd processes and fire them off manually. Use /etc/rc.local as your command line flag/switch reference point. ~BAS

Re: configuration tweaks for CF-based systems?

2008-04-03 Thread Brian A. Seklecki
-- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

Re: Vlan tagging and Carp

2008-03-26 Thread Brian A. Seklecki
On Wed, 2008-03-26 at 09:32 -0400, G 0kita wrote: Hello all! I'm having some trouble with getting an OpenBSD box to properly tag packets via 802.1Q. I'm setting up an OpenBSD4.2 router pulling data off a trunk port on a Cisco 2960 switch. I can see the packets traverse the stack upwards but

Re: Vlan tagging and Carp

2008-03-26 Thread Brian A. Seklecki
On Wed, 2008-03-26 at 10:01 -0400, G 0kita wrote: --- Nah, a /29 is the smallest WAN space you can use for a CARP - CARP (or HSRP/VRRP) Ethernet WAN transport. If you have that budget and business need, then you can afford the hardware and IP space. Remember, you can always use _RFC1918 private

Re: PF and application level firewall

2008-03-11 Thread Brian A. Seklecki
-- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

Re: openbsd router hardware

2008-03-05 Thread Brian A. Seklecki
On Wed, 2008-03-05 at 09:55 -0800, Joe wrote: Perhaps you got a bad board in your past? I've had 10 years of bad VIA chipsets (pciide(4), etc.) Anyone who has been on the lists for a few years knows the same old story. Results 1-10 of about 3,170 for bsd VIA ATA dma error ~BAS

Re: openbsd router hardware

2008-03-02 Thread Brian A. Seklecki
On Sun, 2008-03-02 at 09:04 +0100, Joerg Zinke wrote: This will be my first VIA Board, will see how it works... That's great news. I run some VIA -- not at all bad. But they've still got a long way to go before they re-earn the community's trust. A decade of problems doesn't just go away

Re: openbsd router hardware

2008-03-01 Thread Brian A. Seklecki (Mobile)
On Mon, 2007-12-24 at 13:29 +0100, Joerg Zinke wrote: Hi, I'm looking for hardware to install an openbsd based dsl-router. I already searched the list archives and looked at WRAP and Soekris, but it seems that they do not match my requirements: - fanless - as small as possible - Soekris

Re: libc.so.39.3

2008-02-23 Thread Brian A. Seklecki
It would be in the base.tgz in release 3.9 You may have upgraded and an old binary may be linked against the old version. Try making a symlink. On Sat, 2008-02-23 at 14:07 -0500, Jay Hart wrote: On base OpenBSD 4.2. What package should I install to get the above library? Thanks, Jay

Re: libc.so.39.3

2008-02-23 Thread Brian A. Seklecki
On Sat, 2008-02-23 at 12:30 -0700, Theo de Raadt wrote: No, do not make a symbolic link. Right, for the record and mail archives, a symlink would only be a temp solution and is not guaranteed (likely even) to solve the problem. Obviously, Jay is not working on in a production environment,

Re: Watching the prgress of dd if=drive1 of=drive2

2008-02-23 Thread Brian A. Seklecki
On Sat, 2008-02-23 at 12:15 -0800, Jon wrote: I'm using dd to clone a drive. How can I watch the progress of this or see the transfer rate in real time? http://www.openbsd.org/cgi-bin/cvsweb/src/bin/dd/dd.c?rev=1.15&content-type=text/x-cvsweb-markup main(int argc, char *argv[])

Re: Watching the prgress of dd if=drive1 of=drive2

2008-02-23 Thread Brian A. Seklecki (Mobile)
On Sat, 2008-02-23 at 12:15 -0800, Jon wrote: I'm using dd to clone a drive. How can I watch the progress of this or see the transfer rate in real time? It should accept SIGINFO (control+G) on most terminals. You may also be able to compile progress(1) ~BAS

Re: Thank you: Re: Watching the prgress of dd if=drive1 of=drive2

2008-02-23 Thread Brian A. Seklecki (Mobile)
On Sat, 2008-02-23 at 13:46 -0800, Jon wrote: on some learning paths here. This mailing list is awesome. Thank you. just remember that when 4.3 CD pre-release-sales are announced :)

Re: Remote syslog

2008-02-22 Thread Brian A. Seklecki
syslog-ng + transport mode IPSec (or tunnel, if you have infrastructure on either end). use pf(4) to ensure that only IPSec peers can write. ~BAS On Tue, 2008-02-19 at 21:42 -0700, Steve B wrote: and whether you are doing it over SSH or IPSEC? I have looked at various

Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60

2008-02-22 Thread Brian A. Seklecki
read the man page i810(4): Option MonitorLayout anystr Allow different monitor configurations. e.g. CRT,LFP will configure a CRT on Pipe A and an LFP on Pipe B. Regardless of the primary headsb pipe it is always configured as PIPEA,PIPEB.

Question about Implementing authpf, squid and ldap authentication....

2008-02-20 Thread Brian Shackelford
, Brian Shackelford

Re: rtorrent + OpenBSD = freeze

2008-02-19 Thread Brian
. Yesterday, I switched over the net/ktorrent since it supports encryption, which I am finding I need for some very low seeded torrents, where all the seeds are running encryption. I have not experienced any system freezes with net/ktorrent, and I would definitely recommend it. Brian Note: I still run

Re: rtorrent + OpenBSD = freeze

2008-02-19 Thread Brian
--- Pierre Riteau [EMAIL PROTECTED] wrote: I have seen this freeze with both xl(4) and nfe(4). Maybe it's time folks start posting their dmesg. Brian

Re: take threads off the table

2008-02-17 Thread Brian
cases where threading is important. Please listen to this guy. He does a lot of great stuff, and you're taking his time away from creating more great stuff. Brian

Re: running mail server at home

2008-02-07 Thread Brian
an ISP that doesn't block it and you're fine, I've been using speakeasy for years, they're pricey but they stay out of the way. Brian

Re: running mail server at home

2008-02-07 Thread Brian
. Smarthosting is not for me, I'll deliver direct.. Brian

Re: WAP setup problems

2008-02-06 Thread Brian Richardson
.rules: pass in on ral0 src 11:de:ad:be:ef:11 pass out on vr0 dst 11:de:ad:be:ef:11 block in/out on ral0 As to why the bridge? I'm not aware of any other way to use MAC filtering to limit access to the external interface. Regards, Brian

Re: WAP setup problems

2008-02-06 Thread Brian Richardson
with explicit block rules. Regards, Brian

Re: WAP setup problems

2008-02-05 Thread Brian Richardson
Stefan Kell wrote: Did you try using one shared-network with two different subnets? You can find an example within man dhcpd.conf. Yes, I did, with the same effect. Brian

WAP setup problems

2008-02-04 Thread Brian Richardson
the bridge, I lose the MAC filtering. Is there any way I can have the setup I desire? Not all registered MAC addresses will have a fixed-address, so I can allow a guest access to the external network by simply adding their MAC address to the bridge. Thanks, Brian

Re: Using Altq?

2008-02-03 Thread Brian
--- Chris Kuethe [EMAIL PROTECTED] wrote: Get a better NIC or a NIC with a better driver? I've used re(4), nfe(4), sis(4), fxp(4), and em(4) with bittorrent all without watchdog timeouts. And when I got the re(4), it was less than $20 for something that could do better than 100Mbps. Try

Using Altq?

2008-02-02 Thread Brian
method to use: cbq, priq, or hfsc? Basically, I want to attempt to avoid getting watchdog timeouts on my bittorrent connections. Thanks, Brian

Re: anyone have a port of cacti?

2008-02-02 Thread Brian
Richard Daemon wrote: anyone have a port of cacti? www.cacti.net Here's a link to the freebsd port if you want to have a hack at it.. http://www.freebsd.org/cgi/cvsweb.cgi/ports/net-mgmt/cacti/ Brian

Re: vlan configuration: off-topic

2008-01-19 Thread Brian A. Seklecki
maybe and *BSD vlan(1) won't transmit VLAN 1 as tagged (per spec) Correct -- Thank you. I misspoke. It _will_ transmit it tagged as VLAN1 (if vlan1 interface is defined), but whether the receiving VLAN1 interface on the PowerConnect can ever receive is anyone's guess. I suppose it

Re: vlan configuration: off-topic

2008-01-19 Thread Brian A. Seklecki
On Sun, 2008-01-20 at 00:11 +, Mike wrote: Hey Brian, I read your post about removing dell switches from your network. Just curious which models are you referring to? PowerConnect 27xx Managed Entry-Level. Everything else is a re-branded Cisco with a crippled ISO version. ~BAS

Re: vlan configuration: off-topic

2008-01-18 Thread Brian A. Seklecki (Mobile)
On Fri, 2008-01-18 at 11:49 -0200, John Nietzsche wrote: Dear gentleman, I am starting with vlan topic right now. I am in need to get two dell powerconnect 2724 switches to implement 3 vlan. I know how to The Dee PC2724 can't move its mgmnt vlan from VLAN1, and *BSD vlan(1) won't transmit VLAN

Re: Why do clients running BitTorrent make my router's latency go through the roof?

2008-01-15 Thread Brian
figure out what I need to do to provide meaningful results. Thanks, Brian

Re: Suggested PF Setup when using BitTorrent?

2008-01-14 Thread Brian
--- Max Hayden Chiz [EMAIL PROTECTED] wrote: Perhaps this problem is specific to my configuration (or specific to DOCSIS cable modems). But if it makes Brian (or someone else's problem) go away, then it is likely that this problem is not unique. --MHC Let me read through

Re: Suggested PF Setup when using BitTorrent?

2008-01-07 Thread Brian
--- Stuart Henderson [EMAIL PROTECTED] wrote: On 2008/01/06 17:50, Brian wrote: --- Leonardo Rodrigues [EMAIL PROTECTED] wrote: Maybe those watchdog timeouts have nothing to do with bittorrent, and are probably more related to nic problems. Have you tried running your torrent

Re: Suggested PF Setup when using BitTorrent?

2008-01-06 Thread Brian
, which doesn't work as well as my sk nic. I'm not sure how to debug the issue. I just started using pf, so my original question still stands. Is there a preferred rule set for pf when using BitTorrent? Thanks, Brian

amd64 assembly registers behavior and function calls

2008-01-05 Thread Brian
, it looks like the parameters are written to %rbp, then to the registers per the x86-84 abi, and then the function is called? Is this the preferred way to write function calls? And I would use the same method to save the return value in %rax, right? Thanks, Brian

Suggested PF Setup when using BitTorrent?

2008-01-05 Thread Brian
Is there any suggested PF setup when using BitTorrent? Right now, the biggest problem I have when using BitTorrent is watchdog timeouts. Thanks, Brian

k9copy

2008-01-01 Thread Brian
Anyone in the process of porting over k9copy from the freebsd ports tree? Thanks, Brian

Re: Trouble Installing OpenBSD 4.2 stable

2007-12-28 Thread Brian A. Seklecki
On Fri, 2007-12-28 at 17:16 -0600, Alan Hamlett wrote: Currently running OpenBSD i386 3.8 with one 20GB IDE drive at wd0a and one 250gb IDE drive all partitioned for bsd. Trying to install OpenBSD i386 4.2 from install42.iso by trading the 250gb drive for a cd-rom drive. I keep getting

Re: Merging 2 ADSL lines

2007-12-27 Thread Brian
in the case of mail and web servers? I have seen this with sdsl, here is a link from a UK guy that did it. http://www.automatedhome.co.uk/Internet/ADSL-Bonding-How-To-and-Review.html Brian

Linus about C++

2007-12-27 Thread Brian Hansen
Hi. This is partly not OpenBSD related, and yet again someone pointed out that perhaps a lot of bugs could be avoided using C++. I am writing my big paper on C and C++ and would like some comments from people who are experts. Off-list is okay, but maybe others are interested as well. I found

Using the C programming language

2007-12-22 Thread Brian Hansen
Hi. I address this issue on this list, because a lot of people here are very skillful C programmers. When looking at some of the different reasons for security problems such as: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/ I can't help wonder, why so much software are being

Re: Had a strange problem with CARP preemption

2007-12-19 Thread Brian A. Seklecki
On Thu, 2007-12-20 at 15:31 +1100, Dave Harrison wrote: Because carp doesn't log its state changes etc, I've been writing the Over Christmas, I may backport the FreeBSD carp(4) logging improvements and submit them with kernel/5512. ~BAS

Re: no 4.2-stable package updates??

2007-12-13 Thread Brian A. Seklecki
critical patches, and those should be pulled into 4.2-stable. Unfortunately, it isn't that easy. Some updates imply updates of depending ports (e.g. poppler and evince), which may imply further updates of dependencies. So you'll end up with -current -- more or less, including more

Re: no 4.2-stable package updates??

2007-12-12 Thread Brian A. Seklecki
ports. Personally, I use -current (base+packages) everywhere. But this is just me. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

Re: no 4.2-stable package updates??

2007-12-12 Thread Brian
So why does that majority not provide the skills or the money to support that facility? Maybe you should use something else that panders to your appetite. Completely unable to resist a great setup presented above, is the software really free then? Brian

Re: Compliments and Knob Question

2007-12-05 Thread Brian
as the ultimate example of software knobbage. Brian

Re: Compliments and Knob Question

2007-12-04 Thread Brian
. Tech knob discussion, how about a nice boring dictionary answer. 1 a*:* a rounded protuberance *:* lump b*:* a small rounded ornament or handle 2*:* a rounded usually isolated hill or mountain This seems that a knob doesn't have to be useful. Brian

Re: How to test if pfsync is working?

2007-12-02 Thread Brian A. Seklecki (Mobile)
On Sun, 2007-12-02 at 01:14 -0800, Jake Conk wrote: Hello, I have pfsync setup between two servers and they're connected to each The command that you're looking for is: $ sudo netstat -s state | grep -A 17 pfsync pfsync: 0 packets received (IPv4) 0 packets received (IPv6)

Re: IPSEC bridge and pf

2007-12-02 Thread Brian A. Seklecki (Mobile)
On Sun, 2007-12-02 at 19:08 -0500, tim wrote: my current pf configuration and add the use of the IPSEC bridge to that set up. Just check tcpdump -vvv -n -s 192 -i pflog0. Probably pass quick proto ipencap all etc.

Update RAIDFrame-Enabled ISO for 4.2

2007-11-30 Thread Brian A. Seklecki
Updated diff, ISO image, build instructions. http://people.collaborativefusion.com/~seklecki/obsd_wRAIDFrame.html Note: There's a small problem with my regex in install.sub that prevents scanning of RAIDFrame boot lines in dmesg.boot. The work-around from the bsd.rd shell is to: $ export

Re: VPN Concentrator

2007-11-30 Thread Brian A. Seklecki
On Fri, 30 Nov 2007, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. That's a tall order. In Cisco-land

Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Brian A. Seklecki
On Fri, 30 Nov 2007, Jake Conk wrote: Hello, I have my /var partitioned out to be 150mb which I thought was a You're probably getting a lot of log hits on a default block log all at the end of your rules. You can prevent a lot of crud by doing block quicks w/o log statements for the

Re: OpenBSD 4.1 and NFS and PF trouble

2007-11-25 Thread Brian Morton
Hi guys. I have a problem with nfs and pf. When PF is on , then nfs not work. I put the hole for portmap and nfs in pf... but i think that the problem is in mountd, because mountd every time when I restart the server change his own port: # #rpcinfo -p mars

Re: snmpd on current

2007-11-21 Thread Brian A. Seklecki
On Wed, 21 Nov 2007, Insan Praja SW wrote: Date: Wed, 21 Nov 2007 18:45:47 +0700 From: Insan Praja SW [EMAIL PROTECTED] To: misc@openbsd.org misc@openbsd.org Subject: snmpd on current Hi all, I'm currently running 4.2-current and installing net-snmp-5.4.1 from ports (updated). Something is

Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E

2007-11-21 Thread Brian A. Seklecki
On Thu, 22 Nov 2007, Shohrukh Shoyoqubov wrote: Date: Thu, 22 Nov 2007 09:46:54 +0500 From: Shohrukh Shoyoqubov [EMAIL PROTECTED] To: misc@openbsd.org Subject: Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E From which machine do I have to do ping -I A.B.C.D E.F.G.H pf has

Re: 4.1 fresh install dc0: failed to force tx and rx to idle state

2007-11-17 Thread Brian A Seklecki (Mobile)
I have cut and pasted the output from ifconfig and dmesg below. I do have a non tulip nic I might try tomorrow. Try a -current kernel. If it occurs, obtain a backtrace / kernel core dump and post it. Possibly file a PR if it is warranted. It might not get fixed quickly, so grab an

Re: PF problems

2007-11-13 Thread Brian A Seklecki (Mobile)
On Tue, 2007-11-13 at 14:17 -0200, Kleber Rocha wrote: 10.1.1.78 tries to access the ip 10.1.100.210 on port 8080, the If xl0 faces 10.1.1.0 (outside) and bge0 faces your local (inside) 10.1.100.0/24, then your pass in statement will create a state associated with inbound traffic. However, it

Re: OS not seeing all RAM (1GiB less)

2007-11-12 Thread Brian A. Seklecki
On Mon, 2007-11-12 at 22:40 -0500, C Thala wrote: What would cause an 4.1 machine running on a Dell PowerEdge 1950 to see only 3,220,439,040 bytes of RAM as opposed to the 4GB that it really has (confirmed by BIOS)? A little something-something called PAE. You're probably running 4.1/i386?

Re: Clamav

2007-11-05 Thread Brian A Seklecki (Mobile)
On Mon, 2007-11-05 at 10:49 -0500, Peter Fraser wrote: get updates on the virus signatures. I was going to put Well how many local patches are there? Did you try to bump the port to the version you want? Just update the Makefile distinfo and see if the patches apply cleanly. ~BAS

Re: 4.2 won't boot after fresh installation

2007-11-05 Thread Brian A Seklecki (Mobile)
Ok, just tried rebooting with your suggestion of: boot -c disable fdc* boot Actually, I had to quit instead of boot It stopped at the same place: fd0 at fdc0 drive 0: 1.44MB 80cyl, 2 head, 18 sec Enable verbose in ukc. It often shows silent probes that fail and lock the system

Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA

2007-11-05 Thread Brian A Seklecki (Mobile)
On Mon, 2007-11-05 at 07:23 +0100, Martin Toft wrote: On Mon, Nov 05, 2007 at 01:29:05AM +0100, Cabillot Julien wrote: Have you try openbsd 4.2 ? PF have been really improved in this release. pf(4) has nothing to do with isakmpd(8), except as it relates to recent addition of routing tags. -

Re: OpenBSD 4.2 hardware recommendation

2007-11-02 Thread Brian A Seklecki (Mobile)
On Sat, 2007-11-03 at 00:20 +0300, VP wrote: Hello! I have a network with 100 users and 7 servers and current firewall need to be replaced. I want to buy brand server due to company policy. Brand as in put your company name on the hardware It can be SPARC or x86. But vendors don't

Re: OpenBSD 4.2 hardware recommendation

2007-11-02 Thread Brian A. Seklecki
On Sat, 3 Nov 2007, Martin Schrvder wrote: You don't need one computer with two discs and two psus; instead get two systems and use carp to get HA. Also 2GB for a firewall is overkill. Spend the money on the NICs instead. If he's going to be doing local processing of pcap(4) data into some

Re: OpenBSD 4.2 hardware recommendation

2007-11-02 Thread Brian A. Seklecki
If he's going to be doing local processing of pcap(4) data into some pcap(3), of course, is what I meant :}

Re: Custom Kernel for 4.2 upgrade

2007-11-02 Thread Brian A Seklecki (Mobile)
On Fri, 2007-11-02 at 20:21 +, Stuart Henderson wrote: On 2007/11/02 14:45, Jason Murray wrote: I have a 4.1 box that uses RAIDFrame so I need to compile a customer kernel in order to upgrade. I know this is not supported, but it has worked (minus the one gotcha) for me from 3.6 until

Re: OpenBSD 4.2 hardware recommendation

2007-11-02 Thread Brian A Seklecki (Mobile)
On Sat, 2007-11-03 at 00:42 +0300, VP wrote: It can be SPARC or x86. But vendors don't officially support OpenBSD with their hardware. We need tower server with 1 processor, 2 gigs of RAM, 2 SCSI disks and 2 power supply. Does anyone recommend brand server which supports For a

Re: Server trouble shooting

2007-10-31 Thread Brian A. Seklecki
Since I can't connect successfully via ssh is there anything else I could be doing remotely? ...you could be researching a Lights-out-Management solution for your server (Dell DRAC, Sun LOM). Best all-around solution is a PC-Weasel (realweasel.com) connected to the system next to it (Or a

Re: OpenBSD Sound

2007-10-31 Thread Brian A Seklecki (Mobile)
On Wed, 2007-10-31 at 14:51 +, Tomas Bodzar wrote: And still one thing When I was try OpenBSD (I think that was 3.8),I use WindowMaker,Xmms and lots Some *BSD systems are adjusting PCM driver support to allow multiple process to open /dev/dsp / /dev/audio multiple times in-exclusively,

Re: CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU IFCAP_VLAN_HWTAGGING ?)

2007-10-26 Thread Brian A Seklecki (Mobile)
On Mon, 2007-10-22 at 12:04 +0200, Henning Brauer wrote: * Claudio Jeker [EMAIL PROTECTED] [2007-10-22 08:17]: Fragment Reassembly does not happen in the forwarding plane, it happens on the end system. By doing flow based forwarding on the router you're no longer able to do all the

Re: Problem with MP on 4.2

2007-10-26 Thread Brian A Seklecki (Mobile)
first try to enable acpi and see what happens. Thanks. Enabling acpi did not make a difference, but then I disabled apm and it's working. Right -- all of the example ukc output shows how to enable acpi0 but no one ever shows how to disable apm0. ~BAS Abdul HTH, Stijn

Re: OpenBSD 4.2 RAIDFrame mirror

2007-10-26 Thread Brian A Seklecki (Mobile)
On Thu, 2007-10-25 at 10:50 +0200, Dominik Zalewski wrote: Dear All, I have a machine with two Maxtor 160GB hard disks. I've installed OpenBSD 4.2 on first one and I would like to use second one as a mirror. If you really want to kick as the dead horse, I can probably roll a 4.2 install

Re: SUMMARY: Still unable to get Cyclades Z serial ports working with OpenBSD

2007-10-25 Thread Brian A Seklecki (Mobile)
On Thu, 2007-10-25 at 14:39 -0700, Don Jackson wrote: no channels at tached Well, no channels attached tells me its a hardware issue (cables`n`shit), or the software failing to properly probe the hardware. Does it work in another system under another platform (Linux LiveCD, etc.). I use

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-24 Thread Brian
with proper separation of privileges. -Brian

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Brian
. That is much closer to security than through obscurity. -Brian L. V. Lammert wrote: At 03:31 PM 10/24/2007 -0600, Theo de Raadt wrote: Certainly there is a small, compound risk increase due to multiple OS images involved, but the OS images must be analyzed independently FIRST, and THOSE

Re: About Xen: maybe a reiterative question but ..

2007-10-24 Thread Brian
L. V. Lammert wrote: On Wed, 24 Oct 2007, Brian wrote: Hi! I think you are missing the point about x86 hardware being a mess. Theo made an excellent point about the architecture itself having so many filthy quirks. If a VM is compromised through any means, that attacker can now leverage

Re: lookup option in /etc/resolv.conf ignored

2007-10-24 Thread Brian
Make sure you have restarted Firefox after making changes to /etc/resolv.conf. Specifically, the application-level DNS cache will contain old data if you have not restarted it. This bit me for 3 minutes straight after needing to redirect an address. Karel Kulhavy wrote: I want to make my OS

Re: Installing the latest snapshot freezes on i386

2007-10-23 Thread Brian A Seklecki (Mobile)
On Tue, 2007-10-23 at 01:42 -0700, Reza Muhammad wrote: Hi all, I just recently purchased a brand new HP Pavilion G3035L Desktop PC (spec: http://www.anugrahpratama.com/product/21/1092/HP-Pavilion-G3035L-Desktop-PC). It's using Intel Core Duo processor. I tried to install OpenBSD's

Re: Performance problem with CF card on AMD CS5536 IDE

2007-10-22 Thread Brian A. Seklecki
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: Turbo Industrial CF Card wd0: 1-sector PIO, LBA, 1983MB, 4062240 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2

Re: RAIDFrame woes with -current. Seeking debug advice

2007-10-22 Thread Brian
. -Brian Josh Grosse wrote: [snip] The symptom: hang after normal kernel message: Kernelized RAIDframe Activated [snip] atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: LITE-ON, DVDRW SHW-160P6S, PS01 SCSI0 5/cdrom removable [snip]

Re: Help! I'm having Linux foisted on me! (PF queuing woes)

2007-10-22 Thread Brian
egress when an IPsec SA is removed/expires before the state is removed/expires (think isakmpd and the various reasons an SA can disappear). Of course, if I am wrong and if-bound shouldn't be used in this case, ipsec.conf(5) should be updated appropriately. -Brian

CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU IFCAP_VLAN_HWTAGGING ?)

2007-10-21 Thread Brian A Seklecki (Mobile)
On Mon, 2007-10-22 at 00:12 +0100, Tony Sarendal wrote: On 10/21/07, Henning Brauer [EMAIL PROTECTED] wrote: I'll throw this out there since its been something on my mind for a while: Hardware VLAN tagging, TOE offload, IP/UDP/TCP Checksum offload, interface polling are all ways to accelerate

Re: ipsec(4) routing for a branch offices

2007-10-18 Thread Brian A Seklecki (Mobile)
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian A. Seklecki Sent: Thursday, October 18, 2007 2:02 AM To: misc@openbsd.org Subject: ipsec(4) routing for a branch offices On a variety of 3rd party platforms, I often establish an SA between two IPSec devices with a /16 of RFC 1918

Re: em(4) - IFCAP_VLAN_MTU IFCAP_VLAN_HWTAGGING ?

2007-10-18 Thread Brian A. Seklecki
On Thu, 18 Oct 2007 14:16:59 +0100 Tony Sarendal [EMAIL PROTECTED] wrote: Just a 5 minute quick test, nothing too scientific. Thanks! What was your IXIA platform? RHEL with gig interface or an appliance? ~BAS -- Brian A. Seklecki [EMAIL PROTECTED]

Re: vlan hostname.if problem

2007-10-17 Thread Brian A. Seklecki
! -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

ipsec(4) routing for a branch offices

2007-10-17 Thread Brian A. Seklecki
x.east.verizon.net vpncxxx.pub.collaborativefusion.com spi 0x0ACAEE17 seq 89 len 116 ICMP packets giving me the old slip-a-roo out the back door :} -- Brian A. Seklecki [EMAIL PROTECTED]

em(4) - IFCAP_VLAN_MTU IFCAP_VLAN_HWTAGGING ?

2007-10-16 Thread Brian A. Seklecki
* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/
