Re: Hardware (firewall) recommendation

* Sebastian Reitenbach [2012-04-17 10:40]: > On Tuesday, April 17, 2012 09:35 CEST, Henning Brauer > wrote: > > > * Marcin [2012-04-17 08:59]: > > > I am looking for a hardware recommendation for a new OpenBSD based > > > firewalls. So far I have been usi

Re: Hardware (firewall) recommendation

cious data on those disks and have two machines. I'm very happy with Supermicro X9SC* based systems, with Xeon E3-1220 and an Intel SSD. Check with your local supplier for exact model options. Superior performance, 35W idle, no trouble whatsoever, fair pricing. -- Henning Brauer, h...@b

Re: How to have more than 15 pflog interfaces?

* patrick keshishian [2012-04-11 14:55]: > On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote: > don't you need two different index vars for this next > section? no, why? > > + for (i = 0; i < n; i++) > > + if (i < npflogifs) > >

Re: How to have more than 15 pflog interfaces?

* Siju George [2012-04-11 14:25]: > On Wed, Apr 11, 2012 at 3:50 PM, Henning Brauer wrote: > > > > please try this & report back > > > > Thanks Henning but I need some help :-( > > I got the following errors and I have attached the .rej files diffs are

Re: How to have more than 15 pflog interfaces?

* Henning Brauer [2012-04-11 11:26]: > * Siju George [2012-04-10 08:16]: > > On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera wrote: > > > altering the max might have consequences i don't know about: > > I will stick with 15 :-) > > actually, bumping it sho

Re: How to have more than 15 pflog interfaces?

amically allocate the pflogifs array. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: using relayd in transparent mode

* Bjxrn Knutson [2012-03-28 11:31]: > I don't know if you have seen this article at > https://calomel.org/relayd.html , and or if it can help you . certainly not. everything on calomel.org is garbage. reading some other fairy tale is more insightful. -- Henning Brauer, h...@bs

Re: PF and prio keyword

k on $int_if from prio 3 > #Admins have the highest priority > pass in log quick on $int_if from prio 7 that might be a bit excessive logging :) > #pass out from "the" interfaces > pass out from ($int_if) > pass out from (egress) -- Henning Brauer, h...@bsws.de, henn...@op

Re: ctrl+alt+backspace bypasses xlock and allows terminal access

* Brett [2012-03-24 03:18]: > On Sat, 24 Mar 2012 02:43:53 +0100 > Henning Brauer wrote: > > * Brett [2012-03-24 01:56]: > > > > its normal behaviour. from xorg.conf(5): > > > > > > > > Option "DontZap" "boolean" &

Re: ctrl+alt+backspace bypasses xlock and allows terminal access

> > This action is normally used to terminate the Xorg server. When > > this option is enabled, the action has no effect. Default: off. > > Would it make sense for this to be the "secure by default" default? how exactly is preventing yourself from killing your o

Re: PF and rtables (VRFs)

le this will be kind of a DOS  > other zones are no longer able to create new pf states no, there is noc such limit atm. you can and probably should have limits on the individual rules tho. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Se

Re: Suggestion

please, windows licensing and the liek are _completely_ off-topic. please just let this thread die and let us come back to what this list is for, OpenBSD-related questions and answers. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure

Re: default action on corrupt udp packets

PF_PASS;" within pf.c. it's the same to the compiler -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: Which automake and autoconfig versions to compile NTOP v4?

> As in all of my 1 week being here not much help goes on just > arguments and flames. happens every now and then. it's not that we particularily like that, but that's apparently the price for an open list. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Servi

Re: My OpenBSD 5.0 installation experience (long rant)

install right onto softraid. and guess what, I'm certain that'll happen rather sooner than later. > Yes. Is it a technical challenge to implement further assistance? "are you sure" style questions are certainly not "further assistance" but rather annoying for mos

Re: My OpenBSD 5.0 installation experience (long rant)

to scroll up. that red shiny button... > The big question is, is this problem one that is common? the fact that this afaict has never come up before here in all the years is more than just a hint. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Servi

Re: My OpenBSD 5.0 installation experience (long rant)

a user who doesn't pay attention to the text on his screen - especially while installing an OS, writing to disk, working with the artition table, the risk there is utterly obvious, you gotta at least pay attention. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http

Re: My OpenBSD 5.0 installation experience (long rant)

ng this for a couple of years and I don't remember this coming up ever before. Which pretty much indicates that this is just not a problem in practice. > Maybe the OpenBSD philosophy is just not for me. Maybe you just need to be a bit more open-minded and stop assuming OpenBSD is j

Re: Trusting the Installation

* Rudolf Leitgeb [2012-03-05 13:21]: > Am Montag, 5. Mdrz 2012, 12:36:56 schrieb Henning Brauer: > > * Rudolf Leitgeb [2012-03-05 12:01]: > > > That's the reason why companies which make secure encryption devices > would > > > never trust any CPU/OS combo. D

Re: Trusting the Installation

* Rudolf Leitgeb [2012-03-05 12:01]: > That's the reason why companies which make secure encryption devices would > never trust any CPU/OS combo. Depending on paranoia they offer you either > an FPGA based solution or a hard wired one from logic ICs. dream on. -- Henning Brauer

Re: OpenNTPd leap-second handling

* Christian Weisgerber [2012-03-04 21:46]: > Henning Brauer wrote: > > > > A brief skim of the source (4.6p1) suggests that OpenNTPd passes on > > > > well, 4.6 is ancient. unfortunately nobody maintains the portable atm. > > The problem is that OpenNTPd stopp

Re: OpenNTPd leap-second handling

* Phil Pennock [2012-03-04 21:05]: > On 2012-03-04 at 19:30 +0100, Henning Brauer wrote: > > * Phil Pennock [2012-03-04 13:23]: > > > https://github.com/syscomet/openntpd > > > > please note that it takes a bit more for a new portable release, > > namely, a

Re: OpenNTPd leap-second handling

* Phil Pennock [2012-03-04 13:23]: > On 2012-03-03 at 12:24 +0100, Henning Brauer wrote: > > * Phil Pennock [2012-03-02 16:32]: > > > A brief skim of the source (4.6p1) suggests that OpenNTPd passes on > > well, 4.6 is ancient. unfortunately nobody maintains the portable

Re: OpenNTPd leap-second handling

it afterwards as though fast" approach the planned > behaviour, or merely a result of nobody getting around to implementing > something better? more of the latter then the former. > Is there likely to be a release changing the behaviour before July 1st? no. -- Henning Brauer, h

Re: Google SoC 2012 is accepting open source organisations

isted as supporter when in fact their page is > clearly Linux-only. pls drop a mail to www@ then with this bit of info and ask for them to be removed from support.html. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: Router project on OpenBSD questions

the planet of course. details just complicate things. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: ethernet-to-serial support

these to the 'net, but it's good enough for a seperate vlan or the like to an openbsd box that you either run conserver on or just use to jump through. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Serv

Re: an idea to implement in bgpd/bgpctl

eps in the mind, but I would > prefer having that done by machine. > > What do you think? I'd look at the diff -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Ful

Re: How to deal with DDoS ?

ocally terminated connections anyway I gave the OP some input in private mail which I don't think belongs in public. There is no one-size-fits-all recipe for dealing with DDoS. And I certainly don't want to teach people how to make better DDoS attacks. -- Henning Brauer, h...@bsws.d

Re: Dell Fan Speeds / Power management (OS CONTROL) & Crapy data center.

* keith [2012-02-17 14:33]: > an "operator" was saying that it's the fan's in the servers that > consume all the power. He's wrong, the power LED takes all the power. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Servi

Re: Unbound in base

nd anyway - i have never seen such a dramatic design fuckup as the bind10 design docs, and anything depending on PYTHON (gimme a break) will never make it into base anyway. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mai

Re: Bad Checksum on i386-current

* Christiano F. Haesbaert [2012-02-11 14:25]: > I think pf is not recalculating the checksum after nating, not sure if > it should, henning ? ip_output does that unconditionally, and i fixed the bridge to do that too -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services

Re: Rescan SCSI bus

* Pierre Berthier [2012-02-09 14:21]: > anyone knows how to get a scsi bus rescan after adding a disk, without > rebooting? you can't really right now. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and D

Re: looking for hardware recommendations, x86 or otherwise.

d such). correct. > Still probably more expensive than Alix, though. also correct, but their pricing is fair. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henni

Re: pf.conf man page question (pass rule matching vs. state creation)

ly? no, the last one creates state (simplified, it isn't THAT simple anymore, but that is still what it comes down to). > Should I be using match rules to do nat-to/rdr-to instead? should? maybe. depends. whatever is easier in your case. could? yes. -- Henning Brauer, h...@bsws.de, h

Re: Long delay updating xenocara source tree?

ssue.) > Pears similar ciao, that's what many of us do - full repository, synced somehow (i personally rsync from another machine which in turn speaks cvsync to bob) locally. Especially convenient when you sit in an airplane or the like and want to diff... -- Henning Brauer, h...@bsws.de, hen

Re: /bsd: carpN: ip_output failed: 65

announcements. 65 is EHOSTUNREACH and exactly the error in that case. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: ntpd sendto: Can't assign requested address

ace? if so, playing with sysctl net.inet.ip.port* should help. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: locate weirdness

extremely vague memories of something weird with locate somewhen in the past. might misremember, doesn't matter, haven't seen anything like that for a long time, so my advice is to upgrade. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Se

Re: Misc Toughts

;echoreq" > comp3="192.168.0.3" > > For maintenance sake, would it not be > appropriate to define the other > mysterious outgoing interface "fxp0" > as well, as declared in the following > options section? > > The ruleset migh suffer a little b

Re: BFD (a la. RFC5880/5881)

uchlike, merely a > tentative status query. (BFD is appearing more & more frequently in the > multi-vendor environments some of my OpenBSD boxen reside in). we've been talking about it for at least 2 years now, but so far nobody got around to actually write the code :( -- Henning Brau

Re: [PF] bug in port range.

fact > I've found this strange behavior while translating a Cisco acl : > > permit tcp any any range ftp ftp-data > > Translated to "port ftp:ftp-data", which if I understand well does not > mean anything for PF. right. pilot error. -- Henning Brauer, h...@bsws.de

Re: [PF] bug in port range.

82 you ought to write 80 >< 82 and not 82 >< 80. > Then, port 81 is not filtered out. correct, that is exactly what you told pf to do and it does. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail an

Re: Longsoon/Godson MIPS boxes, where to buy?

care to introduce them to me? > Got it, asshole? a lemote? nope, I don't have one. > I'll say to you what I said to the previous motherfucker who felt it > necessary to impress me with his vast lack of knowledge on actually > answering the question: go fuck yourself. Bye asshole! hey miod, we must convince the rest of us to leave openbsd, this guy here said so, and he's obviously an omniscient genius. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: openbgpd: change req not in table

> internal routes. that should not make a difference. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: openbgpd: change req not in table

in its copy of the kernel routing table. now of course the question is why. could be a bug somewhere, could be rdaomains related if you use them (speculation!), could be a missed message on the routing socket. or sth else. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://

Re: Need some suggestions abt application inside chroot

f you ask that question there is very likely no point in you to "check and verify" wether a certain application should be chrooted. chroot by itself is not a security measure to begin with. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Se

Re: Longsoon/Godson MIPS boxes, where to buy?

w go away.. asking the people whom's work you rely on to go away is the behaviour of a true genius. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: how to choose outgoing IPv4 address/interface ?

* Claudio Jeker [2011-12-30 23:32]: > On Fri, Dec 30, 2011 at 05:08:28PM +0100, Henning Brauer wrote: > > * PP;QQ P(P8P?P8QP8P= [2011-12-30 05:21]: > > > why does OpenBSD choose vlan379 ? how can I make it use vlan200 for > > > all outgoing traffic except bgp commu

Re: inteldrm_attach still broken

won't get fixed (unless someone else runs into it too and doesn't pick stupid workarounds). this however IS useful to (mostly) verify inteldrm itself is to blame. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosti

Re: UTM appliance

* Hassan Monfared [2011-12-30 10:18]: > I wanna choose a hardware appliance to make a UTM based on OpenBSD, does > anybody have recommendation? yes, I have one. stop believing marketing lies. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-S

Re: how to choose outgoing IPv4 address/interface ?

- look for "set nexthop" in bgpd.conf.5 -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: newfs, fsck slow

* Wesley M. [2011-12-21 09:22]: > When i do a newfs on HD 500Go , it takes much more times using > OpenBSD 4.9 instead of 5.0 RELEASE. > Same problem using fsck -y dev. Why ? because we made it faster after 4.9 was released?!? -- Henning Brauer, h...@bsws.de, henn...@openbsd.o

Re: strange tcp rst with rdomain

; >> f2n0:/root# > >> > >> also, I did > >> > >> f2n0:/root#grep -v ^# /etc/pf.conf > >> > >> set skip on lo > >> > >> pass in vlan2 rtable 2 > >> pass in vlan4 rtable 4 > >> > >> pass > &g

Re: upgrade OpenBSD

27;s simple: from the previous release is the only thing we test. from older ones usually works, but as said, it doesn't get tested and thus might break. and then you'll have to deal with that. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-S

Re: Automatic "fsck -y" at Boot

* Rudolf Leitgeb [2011-12-19 14:40]: > Am Montag, 19. Dezember 2011, 13:52:40 schrieb Henning Brauer: > > gotta compromise for crippled systems. solvable with a little shell > > script run from cron and rc.shutdown. > Wait: your solution would be to periodically remount some v

Re: OpenBGPD not reporting blackhole as nexthop from bgpctl output

GB0 14 3316048 lo0 > > > Is this intended behavior? yes, it is. I do admit indicating the blackhole nexthop in show rib would clear things more up. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosti

Re: Automatic "fsck -y" at Boot

* Rudolf Leitgeb [2011-12-19 10:17]: > Am Freitag, 16. Dezember 2011, 21:49:18 schrieb Henning Brauer: > > in these cases - where "runs" is the top priority and manual > > intervention is hard - you most probably want to run with ro / and an > > mfs or three.

Re: OpenBSD in a dual stack anycast DNS resolving setup

* Claudio Jeker [2011-12-16 22:58]: > So when will ISC start to integrate Quagga into BIND? A DNS server needs > its own routing suite. when it has been rewritten in python. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure H

Re: OpenBSD in a dual stack anycast DNS resolving setup

on. this is something where non-developers can easily jump in. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: Automatic "fsck -y" at Boot

* Rudolf Leitgeb [2011-12-16 10:50]: > Am Freitag, 16. Dezember 2011, 10:26:27 schrieb Henning Brauer: > > there is no solution but a proper remote console access, i. e. cereal. > > it is completely beyond me why some people accept anything else. > > yes yes, some/many prov

Re: Automatic "fsck -y" at Boot

* Stefan Beke [2011-12-16 10:57]: > On Fri, Dec 16, 2011 at 10:26, Henning Brauer wrote: > > it is completely beyond me why some people accept anything else. > Because it fits their needs. util something breaks and trey notice that they're doomed and whine, yes. > Sometimes

Re: OpenBSD in a dual stack anycast DNS resolving setup

, which is itself unsupported by a quite a > few Java projects (ie, Jira). stop whining already. as much as java is sh**, we do run very big java application servers for customers on openbsd. no problems. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de,

Re: Automatic "fsck -y" at Boot

nge the 'fsck -p' in /etc/rc to whatever varient you wish. > >> > There > >> > is, to my knowledge, no knob. > >> > >> You probably realise but be aware you can lose data with fsck -y but > >> only on writable filesystems? > >>

Re: OpenBSD/amd64 runs on computers equipped with AMD Athlon64

ng to my cheap little wattage testing device). > At first I said "sweet!" but then I realized if you have to run a build for > 24 hours you probably haven't saved any energy ;-) build? build WHAT? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://

Re: OpenBSD/amd64 runs on computers equipped with AMD Athlon64

* Peter Kay [2011-12-13 01:20]: > On 12 December 2011 21:29, Henning Brauer wrote: > > > * sc...@web.de [2011-12-12 16:06]: > > > > > BTW: the ethernet on the motherboard (Asus K8U-X) does not work. > > > "Acer Labs M5263 LAN" rev 0x40 at pci0 d

Re: OpenBSD/amd64 runs on computers equipped with AMD Athlon64

* sc...@web.de [2011-12-12 16:06]: > Peter Kay wrote: > > > Wikipedia says 'AMD64 supported by: all models with an OPN ending in > > BX and CV' and 'E6 stepping or later' > > It seems I have a BO: SSE3, but not AMD64 according to dmesg. > &

Re: OpenBSD/amd64 runs on computers equipped with AMD Athlon64

sabled, and of course the properties of that core, this one is a no-brainer. boot amd64 bsd.rd. either it boots or it doesn't. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Ro

Re: ALIX 2 Hangs on boot at date/time

type anything. Any ideas? you have no getty on cereal. enable it in /etc/ttys. if you had just ignored all the myths about CF and wear and such bs and installed openbsd the installer would have done that for you. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http:/

Re: maildir in sendmail

* Dennis Davis [2011-12-08 12:57]: > The exim MTA should be able to deliver mail directly in maildir 1) that wasn't the question 2) running exim is about as clever as running sendmail version 4, driving a wheelchair on the autobahn or trusting Cameron. -- Henning Brauer, h...@bsws.

Re: using ssh to forward the install console

1 and then running the install from a serial port. and how exactly do you force your PCI puc onto address 0x3f8? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Hen

Re: carp with different versions of OpenBSD

7;s on-the-wire format hasn't changed in ages. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: using ssh to forward the install console

usb cereal once booted - and if you end up i ddb> your console is unusable again since your usb stack might be wedged, the usb kthreads don't get to run as long as you're in ddb>, ... -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service

Re: RAM seen vs. RAM available HP ML 570 G2

s not have any PAE support. The fact that some bits are in the source tree doesn't have much to do with it. See it as hints for a developer who wants to pick up the PAE work. But since most i386 machines with >4G are amd64-capable and this not being something easy I don't see that hap

Re: correct netmask on carp interfaces

* Kapetanakis Giannis [2011-12-04 14:28]: > On 03/12/11 15:16, Henning Brauer wrote: > >i really dunno where you diverged, but with the setup i described > >you have internet access on the slave too, perfectly fine - given > >your carpdevs have routed IPs and you set

Re: network tuning for high bandwith and high latency

mory" is a bit misleading, we're talking about pretty special memory here - but yes, hundreds or thousands of sockets with 2MB buffers in use each would be a problem. there is a backpressure mechanism in the autosizing algorithm to (try to) avoid this; we might very well want to increa

Re: correct netmask on carp interfaces

interfaces of the firewalls. > > About the default gw, you may add ifstated(8) in the game to make > the slave change his gw to the master fw and not the (default) > remote router. i really dunno where you diverged, but with the setup i described you have internet access on the slave too

Re: network tuning for high bandwith and high latency

* Sebastian Reitenbach [2011-12-02 16:16]: > On Friday, December 2, 2011 15:30 CET, Henning Brauer > wrote: > > well, you actually found the answer yourself. if your em is running at > > 100M the 10MByte/s download is superb. Why it isn't going to gig - dunno. > &

Re: network tuning for high bandwith and high latency

is running at 100M the 10MByte/s download is superb. Why it isn't going to gig - dunno. your other issue is wasting time, electrons, energy and whatnot with calomel.org garbage. if someone feels like he could do the broader community a favor, track down whoever runs that site and at least

Re: how to find dependencies when building a new kernel

* Henning Brauer [2011-12-01 13:21]: > the extra cost for a flash card of a reasonable > size, yes even hundreds of cases, can't be cheaper than the (not free) > work time it takes you to build your strange images. err... that is pretty much the opposite of what I wanted to say. &

Re: how to find dependencies when building a new kernel

ob to the community. awesome. that rightly fails. and yes, there is very little knowledge about stripping kernels in the community because it is, in almost any case, stupid. heck, I'll waste some of my time to be nice. the lines you want to lok at and possibly remove are either "opti

Re: altq on a variable bandwidth interface

providing. given this, what do I > type into my pf.conf to make this happen? altq priq is a bit more than a simple prio queuer. you can use the first bits of the upcoming queueing system that made 5.0, see the prio keyword in pf.conf but be warned that the syntax isn't set in s

Re: correct netmask on carp interfaces

- aliases on 9.0.0.0 with /32 masks on carpdev em4 here it is better to have the /28 on em4 and /32 on the carp ifs. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Mana

Re: correct netmask on carp interfaces

clean that up. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: altq on a variable bandwidth interface

* Jussi Peltola [2011-11-24 15:18]: > On Thu, Nov 24, 2011 at 02:21:57PM +0100, Henning Brauer wrote: > > that changes the order how exactly? > > the only valid point is that the modem drops packets regardless of > > their priority while we would drop low prio first

Re: altq on a variable bandwidth interface

* Christopher Zimmermann [2011-11-24 12:28]: > On 11/23/11 20:58, Henning Brauer wrote: > > * Jussi Peltola [2011-11-20 04:09]: > >> On Sat, Nov 19, 2011 at 08:58:46PM -0500, quartz wrote: > >>> is there a way to set up altq+priq on an internet connection with

Re: altq on a variable bandwidth interface

minimizes the effects - foremost when there is congestion on that slower link. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: makewhatis on /usr

sed anyway :), we're much closer to that optimum than ever before. > With respect to the weekly makewhatis, I think that's a bug in the > weekly(8) script: It should not blindly assume that every database > listed in man.conf(5) is on a writable filesystem. that I agree with compl

Re: snort and pf - pflog vs

* Henning Brauer [2011-11-14 21:27]: > while this is all correct, let me try to pahse it in a way that i > think is clearer. the bpf hooks (aka where bpf grabs the packets) are > "outside" pf, i. e. inbound packets hit pf before

Re: snort and pf - pflog vs

sofar that it is "outgoing" only, except that it sends nowhere and "just" feeds bpf - and as you noted, only sees packets pf is explicitely told to send there. > I doubt that snort ever worked in another way. i can confirm that the bpf - pf order has always been like

Re: nginx

garbage as the rest of that site. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: optimize adsl bandwidth

ax. I don't wanna hear whining about that, people have been warned. i'm getting the impression we missed the opportunity to group all packet-modifying statements in a set(...) or set { ... } block with the big syntax changes :( -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Se

Re: using xmodmap to make Caps Lock a control key: worked <= 4.9, broken in 5.0

ked fine. B But as > > of my newly-installed 5.0-release, this seems to be a no-op: "Caps Lock" > > stays a caps-lock key. > > You can just run "setxkbmap -option ctrl:swapcaps". which is not what he is after. setxkbmap -option ctrl:nocaps -- Henning Brauer,

Re: Has php-fpm been left out of OBSD 5.0 ?

s as the websites user. it has been enabled just after 5.0 - miss :( -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: Pointers on starting X, then run browser and when it quits, automatically shutdown the computer X

/bin/startx >/var/log/Xdisplay 2>&1 When you quit Firefox, X will terminate, too. Your other requirements > are a bit trickier though. not really - if you start X in rc.local and don't background it just poot halt -p as last command in rc.local. -- Henning Brauer, h...@bsws.de, h

Re: root filesystem on softraid

x27; > 1 Rebuild 458G 0:1.0 noencl > 'unknown serial' -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: 1 Mpps router and OpenBSD?

o that the absolute numbers are pretty much useless. the RELATIVE numbers are the interesting ones. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/

Re: CARP failover and states expiration

e never noticed that. That is a bug. > Is there any way to control it? find & fix the bug :) -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning B

Re: Polite enquiry as to if anyone is working on 64 bit time_t, and if so, what's the plan?

quot;many of them use 32 bits today" makes it sound like a) that was common and b) right. it isn't. certainly not b). time will tell us (oh the irony) about a). -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and

Re: ACPIv2

much more about this topic... ACPI is not primarily about power management. ACPI is also not an option for halfway modern machines. stop pushing buttons. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services

<    1   2   3   4   5   6   7   8   9   10   >