Re: asking for help compiling dns stats collector (dsc)

2016-02-27 Thread Imre Oolberg
Hi! On 2016-02-25 12:52, Oliver Peter wrote: On Thu, Feb 25, 2016 at 09:42:25AM +0200, Imre Oolberg wrote: Hi! On 2016-02-22 20:08, Stuart Henderson wrote: >On 2016-02-21, Imre Oolberg <i...@auul.pri.ee> wrote: >>Hi! >> >>I am in the middle of implementing https:/

Re: asking for help compiling dns stats collector (dsc)

2016-02-24 Thread Imre Oolberg
Hi! On 2016-02-22 20:08, Stuart Henderson wrote: On 2016-02-21, Imre Oolberg <i...@auul.pri.ee> wrote: Hi! I am in the middle of implementing https://www.dns-oarc.net/tools/dsc/ while on OpenBSD is running nameserver process i.e. there needs to be also collector part of DSC an

asking for help compiling dns stats collector (dsc)

2016-02-21 Thread Imre Oolberg
Hi! I am in the middle of implementing https://www.dns-oarc.net/tools/dsc/ while on OpenBSD is running nameserver process i.e. there needs to be also collector part of DSC and I am not succeeding compiling it. Platform is OpenBSD v 5.8 amd64 and source is dsc-201502251630.tar.gz. After

Re: issue with xnf running 15th jan snapshot on Xen v. 4.5.1

2016-01-27 Thread Imre Oolberg
Hi! I write here for the record so possible archive readers know that this thread ended in couple of private emails with developer and he fixed this problem. Short version and what i can narrate is that i used GENERIC i.e. single cpu kernel and my situation was specific to this kernel. Had i

issue with xnf running 15th jan snapshot on Xen v. 4.5.1

2016-01-16 Thread Imre Oolberg
Hi! I read a news today about Xen being enabled and tried it out with the Jan 15th snapshot SHA256 (install59.iso) = 8d16aeb686a1dcc3ce6e8c5192f8708d3878f7690429c843176c5e755386e4f9 on Xen v. 4.5.1 compiled from Xen sources on Debian v. 8 Jessie running on an ordinary amd64 Intel

Re: cannot get output from pflow on openbsd v. 5.8 amd64

2015-12-08 Thread Imre Oolberg
Hi! On 2015-12-08 10:50, Stuart Henderson wrote: On 2015-12-08, Imre Oolberg <i...@auul.pri.ee> wrote: Hi! I have used pflow 5 successfully before but now on OpenBSD v. 5.8 it seems to refuse working. Config looks like this # cat /etc/hostname.pflow0 flowsrc 192.168.10.125 f

cannot get output from pflow on openbsd v. 5.8 amd64

2015-12-07 Thread Imre Oolberg
Hi! I have used pflow 5 successfully before but now on OpenBSD v. 5.8 it seems to refuse working. Config looks like this # cat /etc/hostname.pflow0 flowsrc 192.168.10.125 flowdst 192.168.10.250:9784 pflowproto 5 description "pflow" and i start it with (also tried to start manually as man

asking for advice about low-power soc computer

2015-11-12 Thread Imre Oolberg
Hi! So far i have used OpenBSD either on older servers or on ordinary older PC's for packet filtering etc. Now i would like to give it a try and use more-or-less contemporary so to say SoC form-factor board (i think this is what i need because among other things i need to have clamav and it

Re: npppd and pf

2015-11-12 Thread Imre Oolberg
Hi! I must apologize i didn't read thru your text attentively but i believe it is because of arp. Although i am just an user of npppd i run it already for some time and i think it works very well. Here are my notes, see if there are some use for them, hope Google translates it,

two npppd users access different subnets behind openbsd firewall from their win7 workstations

2014-12-06 Thread Imre Oolberg
Hi! I have used very basic npppd setup for some years and it works for me alright, thanks! (From Windows 7 workstations.) It seems now i need to set up more complicated configuration. Say that firewall has three network interfaces re0 - public internet re1 - internal network one

two node openbsd 5.4 cluster crashed ca 5 min after deleting carp and vlan interfaces

2014-04-11 Thread Imre Oolberg
Hi! I have run two node active-passive cluster with OpenBSD successfully over several years, there have been problems too but at least now i know how to escape them. Now i run into major issue and i would like to ask for help, maybe its software bug or i just manage my system inappropriately, i

Re: two node openbsd 5.4 cluster crashed ca 5 min after deleting carp and vlan interfaces

2014-04-11 Thread Imre Oolberg
Hi again! I forgot to mention that although carp is configured i do not use there pfsync (even no pfsync0 interface). (There have been problems with pfsync, at least in the past and for me). Imre On Fri, 2014-04-11 at 15:45 +0300, Imre Oolberg wrote: Hi! I have run two node active-passive

Re: how to query running process for its ulimit values

2014-04-01 Thread Imre Oolberg
On Mon, 2014-03-31 at 13:16 -0700, Philip Guenther wrote: On Mon, Mar 31, 2014 at 11:10 AM, Imre Oolberg i...@auul.pri.ee wrote: ... But i wonder how i could ask the system how much are the so to say ulimits of the running unbound process, e.g. number of open files? There's currently

how to query running process for its ulimit values

2014-03-31 Thread Imre Oolberg
Hi! I had trouble with unbound running out of resources, esp. open files limit and good people pointed me towards /etc/login.conf. It seems that unbound is much better now after implementing class for it unbound:\ :datasize-cur=2G:\ :datasize-max=2G:\ :maxproc-max=256:\

number of new connections per second accepted by openbsd firewall

2013-10-23 Thread Imre Oolberg
Hi! I am trying to relate OpenBSD firewall's performance in accepting new connections per second to that of commercial products (for example FortiGate 800C literature says 190k, Sonicwall 6600 90k). I would like you to comment how would be correct way doing it and also what are so to say common

getting NetMos Nm9835 addon adapter to work gaining two more serial ports

2012-11-19 Thread Imre Oolberg
Hi! I am having hard time getting NetMos Nm9835 addon PCI adapter going for gaining two more com ports. OpenBSD 5.2-current of Nov 13 says on commodity i386 hardware # dmesg ... puc0 at pci0 dev 8 function 0 NetMos Nm9835 rev 0x01: ports: 2 com, 1 lpt com3 at puc0 port 0 irq 10: ns16550a, 16

Re: Internet Connection - Load Balancing and Failover

2012-11-13 Thread Imre Oolberg
On 11/13/12 08:57, Tomas Bodzar wrote: On Mon, Nov 12, 2012 at 11:09 PM, Walter Netowsouz...@gmail.com wrote: Hello guys, I have two internet connections, and I want to make load balancing and failover service, I had read about pf load balancing and multi-path route, what is the difference

having tcp.established problem with carp + pfsync setup on 5.2

2012-11-11 Thread Imre Oolberg
Hi! While switching two node carp + pfsync active/passive firewall nodes over like fw1# ifconfig -g carp carpdemote 50 i get idle tcp sessions hanging. I noticed that slave does not honour 'expires in' values of respective master's states and instead uses packet filter's default (defined

Re: nsd name server generates high load during zone update on slave

2012-05-29 Thread Imre Oolberg
Hi! Thank you very much for quick answer! Tried it on 5.1 stable in the spirit on applying bind patch i.e. saying # cd /usr/src # patch -p0 < /usr/src/nsd.patch # cd usr.sbin/nsd # make -f Makefile.bsd-wrapper obj # make -f Makefile.bsd-wrapper depend # make -f Makefile.bsd-wrapper # make -f

nsd name server generates high load during zone update on slave

2012-05-28 Thread Imre Oolberg
Hi! I am having trouble on OpenBSD v. 5.1 using NSD nameserver. When slave NSD name server receives zone update and reloads it into its database high and sustained user load (about 1-2) is generated on cpu depending on hardware from 3 minutes to 10 minutes. Also this kind on load is observed

Re: Problem filtering CARP in PF

2012-02-29 Thread Imre Oolberg
Hi! On 02/29/12 19:16, Marios Makassikis wrote: A last test prior to posting got me the following results: The pf.conf file contained this rule at the top: block quick log inet proto carp And CARP was effectively blocked. Changing the 'block' to 'pass' allowed the packets to flow, as

getting dhcpd synchronisation to work

2011-11-18 Thread Imre Oolberg
Hi! I am having hard time getting dhcpd with synchronisation to work. What i have is two OpenBSD v. 5.0 working in the same subnet as test dhcp servers and third as dhcp client. Each computer has actually two network interfaces, one for remote access and the other for playing with dhcp. They

ipsec and rdomains

2011-06-14 Thread Imre Oolberg
Hi! I use ipsec (isakmpd with /etc/ipsec.conf and ipsecctl) on OpenBSD v. 4.9 with very vanilla configuration (in rdomain 0) and it works (the other end is also OpenBSD but v. 4.8, same observations there). And i use rdomains which also work. But the strange thing is that the encap routing

Re: pf ftp-proxy forward AND reverse (Help?)

2011-04-17 Thread Imre Oolberg
Hi! I just wanted to share that alternative to ftp-proxy clients which connect from external network to internal ftp server is just letting appropriate packets thru i.e. without doing application level proxying. For example like this where 10.0.21.254 is ftp server's external address and

using iked and win7 ipsec

2011-03-23 Thread Imre Oolberg
Hi! I am trying to get acquainted with iked program and between two openbsd 4.9 snapshots (OpenBSD 4.9 (GENERIC) #477: Wed Mar 2 06:50:31 MST 2011) it works with preshared keys and certificates all right as far as i can see. In the beginning i made certificates with ikectl and then now with

Re: using bgp mpls vpn

2010-12-02 Thread Imre Oolberg
on their adjacent neighbors? Imre Just for the record, my second attempt was made using OpenBSD 4.8-current (GENERIC) #501: Mon Nov 29 11:58:38 MST 2010 and i386. Claudio Jeker wrote: On Fri, Nov 26, 2010 at 11:02:06PM +0200, Imre Oolberg wrote: Hi! I am using 'OpenBSD 4.8-current (GENERIC

using bgp mpls vpn

2010-11-26 Thread Imre Oolberg
Hi! I am using 'OpenBSD 4.8-current (GENERIC) #313: Mon Nov 1 11:04:25 MDT 2010' i set up some good number of testing machines and started to try out the bgp mpls vpn stuff (based on man bgpd.conf, man ldpd.conf man man route + http://marc.info/?l=openbsd-misc&m=127470697232025&w=1 and i also

[Fwd: choosing outgoing interface based on process uid]

2010-09-21 Thread Imre Oolberg
but if somebody could give a good guess why i have those host routes pointing to routing domain's default gateway it would be great! Imre Original Message Subject:choosing outgoing interface based on process uid Date: Sat, 18 Sep 2010 20:12:32 +0300 From: Imre

Re: choosing outgoing interface based on process uid

2010-09-20 Thread Imre Oolberg
Hi! Stuart Henderson wrote: On 2010-09-18, Imre Oolberg i...@auul.pri.ee wrote: 3. using route-to ($if_ext $if_ext_gw) construct on the pass out rule i can't change the interface the packet it getting out, its already decided, i can only choose the next hop gateway address

choosing outgoing interface based on process uid

2010-09-18 Thread Imre Oolberg
Hallo! I have OpenBSD v. 4.7 i386 firewall with two outgoing internet connections (of which one is default gateway and the other could be used with route-to, for example) and several networks behind it. On the firewall runs Squid process as user _squid and it does transparent http proxy for

Re: choosing outgoing interface based on process uid

2010-09-18 Thread Imre Oolberg
not to be a solution, i guess its also too late because the match is actually happening on the outgoing direction and routing has already happened match log user _squid tag FROM_SQUID rtable 1 Imre roberth wrote: On Sat, 18 Sep 2010 20:12:32 +0300 Imre Oolberg i...@auul.pri.ee wrote

Re: using ipmi locally under openbsd

2010-07-21 Thread Imre Oolberg
! Imre Stuart Henderson wrote: ipmi(4) doesn't support the interface needed for local access with ipmitool/freeipmi etc. On 2010-07-19, Imre Oolberg i...@auul.pri.ee wrote: Hallo! First of all, I am not a seasoned ipmi user, i rather recently found out about this possibility to control

using ipmi locally under openbsd

2010-07-19 Thread Imre Oolberg
Hallo! First of all, I am not a seasoned ipmi user, i rather recently found out about this possibility to control computers. I would like to ask how to use ipmitool to control local computer's ipmi facilities from within OpenBSD. This computer is IBM System x3550 M2 and here is where i stand 1.

managing fujitsu primepower 450 xscf users

2010-07-06 Thread Imre Oolberg
Hi! I would like to know if there is a way to manage fujitsu primepower 450 (or some other so to say Sun computer, i believe exact model is not essential in this regard) xscf users from with-in OpenBSD (like under Solaris madmin does)? At the moment there is v. 4.5 but it could be replaced with

20. jan current amd64 stops randomly on hp dl385 g1

2010-01-24 Thread Imre Oolberg
Hi! It may be that i have something not set right in bios (although it has default settings set and firmware is updated) but my hp dl385 g1 randomly stops running 20. january current amd64. The same computer worked for a long time with another operating system, i.e. i dont suspect hardware

Re: having 4.6 on amd64 panicing when pfsync runs over ipsec

2009-11-29 Thread Imre Oolberg
Hi! Theo de Raadt wrote: panic: tcp_output: template len != hdrlen - optlen Stopped at Debuuger+0x5: leave RUN AT LEAST 'trace' .. You didn't run trace, why not? You don't want the bug fixed, do you. I am sorry, there may be something special about my so to say remote java-based consoles

having 4.6 on amd64 panicing when pfsync runs over ipsec

2009-11-28 Thread Imre Oolberg
Hi! During installing a pair of OpenBSD 4.6 amd64 (patched with current patches i.e. up to 004 and included) firewalls on IBM 3550 M2 computers i was evaluating different options to have pfsync traffic carried between them. Although i intend to use separate vlan for pfsync i tried out also how

Re: with ip-stealth balancing syn-ack gets blocked on the wrong firewall

2009-10-18 Thread Imre Oolberg
Marco Pfatschbacher wrote: On Tue, Oct 06, 2009 at 11:22:11PM +0300, Imre Oolberg wrote: Hallo! I have used carp ip-stealth balancing for only pass and block rules with two openbsd 4.5 firewalls and https server quite successfully, like this Hi, finally someone who got IP balancing

with ip-stealth balancing syn-ack gets blocked on the wrong firewall

2009-10-06 Thread Imre Oolberg
Hallo! I have used carp ip-stealth balancing for only pass and block rules with two openbsd 4.5 firewalls and https server quite successfully, like this to isp router is firewalls' default gw |--carp0--|carp0: 192.168.1.170 _|_ _|_

trying out simple ospf setup

2009-06-09 Thread Imre Oolberg
Hallo! I am thinking of starting using ospf technology to set up higher redundancy but at the moment i am just there where i am trying out my first setup. I have read some books on the topic and now i am following the text from http://www.openbsd.org/papers/linuxtag06-network.pdf. To follow the

Re: differencing subnet's hosts in gateway based on hosts' gateway address

2009-05-21 Thread Imre Oolberg
1 host 2 gw: 10.0.1.253 gw: 10.0.1.254 Imre Henry Sieff wrote: Use pf: http://www.openbsd.org/faq/pf/pools.html#outgoing is sort of what you want to do. On Wed, May 20, 2009 at 1:38 PM, Imre Oolberg i...@auul.pri.ee wrote: Hi! I guess that maybe i need to solve

differencing subnet's hosts in gateway based on hosts' gateway address

2009-05-20 Thread Imre Oolberg
Hi! I guess that maybe i need to solve my problem using different means i.e. administrative means but i would be thankful if somebody could comment if there is feasible technical solution for this situation. I have gateway between one subnet and two connections to the internet. I would like the

Re: question about net.inet.carp.preempt

2009-04-24 Thread Imre Oolberg
for that particular carp device appears on the wrong side etc). It could be easily said to me that if you are so interested use the source but i am sorry the source is not much help for me, i am more about just a user. Imre Felipe Alfaro Solana wrote: On Thu, Apr 23, 2009 at 12:05 PM, Imre

question about net.inet.carp.preempt

2009-04-23 Thread Imre Oolberg
Hallo! I would like to confirm my understanding of how carp works and if the following holds generally true. After having on all participating nodes set to # sysctl -w net.inet.carp.preempt=0 one could change advskew value and actually no carp takeover takes place automatically until

Re: openbsd in virtualization

2009-03-18 Thread Imre Oolberg
Hi! I run in one occasion for experimenting and learning purposes OpenBSD under 64 bit Debian Lenny dom0 on Intel-VT capable hardware (Intel DP35DP motherboard). OpenBSD is i386 HVM domU (it was patched 4.4 stable for a while and then i replaced it with current from Jan 19) and it

Re: listing ftp-proxy anchor rules

2009-02-24 Thread Imre Oolberg
Hallo! I am not sure this is the right way, most certainly it doesnt scale well, but i snooped now and then for ftp-proxy rules/translations like this 1. have a guess there should be some ftp-proxy rules created in anchors 2. issuing 'systat rules' i look for exact entries, like

getting random icmp host unreachable messages from firewall

2009-01-25 Thread Imre Oolberg
Date: Thu, 22 Jan 2009 22:10:32 +0200 From: Imre Oolberg i...@auul.pri.ee To: misc@openbsd.org Hi! I have following problem with my OpenBSD amd64 version firewall and would be very thankful if you can help me with it. Quite accidentally my colleague discovered that while he is accessing content over

Re: OpenBSD 4.4 pf+vlan+bridge problem

2009-01-22 Thread Imre Oolberg
Hi! Wouldn't it be better to not use the bridge and use (multicast-)routing and pf to solve your problem? Multicast routing with dvmrpd is tested with pf, does not work. the same thing happens, if streamX is allowed to pass out on vlanX and streamY is allowed to pass out on vlanY, result is

getting random icmp host unreachable messages while accessing host from behind nat with 4.4 amd64

2009-01-22 Thread Imre Oolberg
Hi! I have following problem with my OpenBSD amd64 version firewall and would be very thankful if you can help me with it. Quite accidentally my colleague discovered that while he is accessing content over http from behind natting firewall he doesn't get it every time. And it happens seemingly

rdr'ing outgoing packets and nat'ing incoming packets

2008-10-11 Thread Imre Oolberg
Hallo! First of all i must say it is a theoretical question i.e. i do not have anything practical undone because of it but to better understand the way of pf i would like to ask it and i would appreciate very much if somebody could share light on this. I am accustomed to use rdr when i

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Imre Oolberg
Hi! I'm basically trying to setup a VPN between a linux box (debian) and an OpenBSD one. I am not a seasoned IPSec user but i tried out couple of configurations and one of them was Debian with Racoon and OpenBSD's native isakmpd. I based my experimentation on article which is about

Re: PF redirection and pflogging

2008-08-21 Thread Imre Oolberg
Hallo! My guess is you dont get anything logged since you pass with rdr rules. Maybe it is cleaner to keep translation and filtering separate, e.g. have translation rules like this rdr on $ext_if proto tcp from any to $webby_ip port 80 -> $webby_server port 80 And then you need to pass not

load balancing traffic destined for the webserver with router and openbsd

2008-08-15 Thread Imre Oolberg
Hallo! I use ip-based load balancing with carp on two-sided firewall, no nat, just routing and it works like this internet --- router -- 172.16.5.118:firewall:192.168.222.189 --- web server I tried this setup with two and more firewalls, where 5.118 is ip address assigned to outer

Re: about dhcpd and carp device

2008-07-07 Thread Imre Oolberg
Richard Daemon wrote: I'm just curious, why run dhcpd on a carp interface? What's the reason for wanting to do this? If you point to the fact that since dhcpd is a service which from the client's point of view does not run on fixed ip address but rather so to say in a broadcast domain

does SiI3124 sata controller work under openbsd

2008-07-06 Thread Imre Oolberg
Hallo! I am choosing (probably from ebay) a sata adapter to connect four newer generation sata disks to little older computer (ibm x200, with 32bit pci slots) to make myself an home-made storage for home use backup. I have not yet decided whether to use for it openbsd or debian. People

Re: does SiI3124 sata controller work under openbsd

2008-07-06 Thread Imre Oolberg
Hi! And yes, it holds again that manual is the ultimate source, thanks! After giving some extra thought it appears that with older computer my main concern should not to be disk performance but network. em0 does there according to the # dd if=/dev/zero .. | nc 1.2.3.4 1010 some poor 16-20

using trunk with openbsd

2008-07-06 Thread Imre Oolberg
Hallo! I am trying out trunk interface with em and fxp adapters and though trunk seems to work all right i cant figure out how it takes itself mac address. It does switch between the two physical interfaces' addresses, but if someone expresses the algorithm on higher abstraction level than

Re: about dhcpd and carp device

2008-07-03 Thread Imre Oolberg
, Imre Oolberg [EMAIL PROTECTED] wrote: Hallo! I have been using for some time now carp failover and i am very content with it, thank you! I run some tests and i just wanted to confirm that in order to run dhcpd service one has to run it on a physical interface (which has ip address configured

about dhcpd and carp device

2008-06-30 Thread Imre Oolberg
Hallo! I have been using for some time now carp failover and i am very content with it, thank you! I run some tests and i just wanted to confirm that in order to run dhcpd service one has to run it on a physical interface (which has ip address configured) like # dhcpd fxp0 and not on a

Re: pf log question

2008-06-24 Thread Imre Oolberg
Hi! One way to see what rule number a rule has is to say # pfctl -vvvsr And for example, if some connection needs attention then its good to look up state's rule number with pfctl -vvvss. Imre Monah Baki wrote: Hi all, Using tcpdump -i pflog0 Jun 24 10:54:01.209701 rule 14/(match) pass

Re: relayd exits (crashes) if all hosts become disabled... expected?

2008-06-15 Thread Imre Oolberg
Hi! I just wanted to ask if there are any plans to put up on this issue also errata on http://www.openbsd.org/errata43.html? Best regards, Imre Pierre-Yves Ritschard wrote: * Mark Rolen ([EMAIL PROTECTED]) wrote: At that point, relayd is dead, and won't restart. /var/log/daemon shows:

Re: openbsd multiboot

2008-05-20 Thread Imre Oolberg
Hallo! Some time ago i did experiment with dual-booting (actually multi-booting) from one harddisk several OpenBSD instances, for the sake of fun. I settled to using dualboot OpenBSD to make upgrades more suitable for me (just unpacking new distribution's file sets under /mnt mounted empty

Re: pf issues with a web-server

2008-02-04 Thread Imre Oolberg
Hi! If i understood correctly all your stuff behind pf firewall is in the 192.168.0.0/24 subnet and when trying to access your webserver from one of the workstations it doesnt work. My guess is that you are using public nameserver which resolves webserver's name to the ip address which is

[Fwd: [Fwd: setting up a noiseless workstation]]

2008-02-02 Thread Imre Oolberg
regards, Imre Original Message Subject: setting up a noiseless workstation Date: Fri, 01 Feb 2008 20:16:49 +0200 From: Imre Oolberg [EMAIL PROTECTED] To: misc@openbsd.org Hallo! I am thinking of setting up for myself a noiseless workstation ie without moving parts or at least

a dual-boot way to upgrade openbsd

2008-01-06 Thread Imre Oolberg
Hallo! I would be thankful if somebody comments on the following sequence to upgrade OpenBSD system. The main purpose is to make an upgrade with as little downtime as possible and to have a way to return to the last known working state. Essentially it involves creating temporary dual-boot

seems like packet is lost between pf and interface

2007-12-04 Thread Imre Oolberg
Hallo! I am observing seemingly perplexing problem on OpenBSD 4.1 firewall. Some dns queries work from behind firewall towards internet and others doesnt. For example doesnt work query which has a big response of TXT data. Firewall has internal interface em1 attached to subnet 10.0.1 (actual

how to confirm i am gaining advantage from floating state-policy

2007-07-28 Thread Imre Oolberg
an example in the light (or should i say darkness) of my tests how using different state-policies makes difference in arranging rules and also of having the number of states. And also, is it correct to think of states as associated with specific interface or to kernel in general? Best regards, Imre