ackets are sent from another system. This means that things seem
to work in the receiving direction.
In the same system there are mellanox connectX-5 nics. The 1GE-SFP works
flawlessly with it.
Regards,
Joerg
--
Dipl.-Ing. (FH) Joerg Streckfuss M.Sc. (Senior IT-Specialist)
DFN-CERT Services G
patches. So far the systems are running
stable. Are there any changes between the 7.2 and 7.3 releases that could
indicate a bug?
Many regards,
Joerg
On 2023-09-25, Joerg Streckfuss wrote:
Dear list,
today two of our firewalls crashed. after i was able to bring the first firewall
back online, this one crashed again within a few minutes. this time i was able
to take a stack-trace from the console:
OpenBSD/amd64 (fw1) (tty00)
login: uvm_fault(0x823237a0, 0x0, 0, 1) ->
Hello,
I'm trying to use the relayd router function to add host routes to the routing
table with a route label for further processing by bgpd. The host is directly
connected to the firewall.
relayd.conf:
table { 2001:::::4 }
router "service_v6" {
route
Dear List,
we have problems with Intel nics of type Intel X710 (10 GbE) on a Dell R740. In
total we have three nics with four ports each. With the upgrade to OpenBSD 6.8 we
lost two ports (ixl11 and ixl12). Now we upgraded iteratively to OpenBSD 7.1 and
we lost another port (ixl10). The update
Hi misc,
i am trying to create a simple smtp client configuration, where the
client should only send local mails to a relay host. the key point is
that the relay host hides a redundant MX record with different
priorities in the DNS. A DNS A-record (or quad A) on the other hand does
not exist.
As
Hello list,
I am trying to get Intel XXV710 SFP28 dual port nics to work under
OpenBSD 7.0-beta on a PE 6515 with AMD Milan CPU.
There are two cards in the server. The behavior is such that only one
port works on one card at a time. Occasionally two ports distributed on
two cards work but never
Hi list,
We ordered some Dell machines PE R6515 with AMD EPYC 7302P 3GHz but
surprise the CPUs are not available. An alternative suggested by dell
would be the Epyc 7402p 24C/48T 2,8Ghz CPU. But I'm thinking of going
for the Milan CPU right away. Specifically, it would be the AMD Milan
7313P
Hello folks,
in the past we used Dell servers like PE 1850, PE 2850, PE R730 and PE
R740. We had good experiences running OpenBSD on these systems. These
models are all Intel based but for another project i'm considering
giving AMD a chance.
I'm very interested in the Dell PE R6515 with AMD
On 02.09.19 at 19:58, Stuart Henderson wrote:
Use sysupgrade -n and monitor the OS version number ("what
/home/_sysupgrade/bsd"). If you see 6.6-current it is post-release and
you should not install it ("rm /bsd.upgrade"), you can then wait until
actual release day and update to be sure you're
Hi Misc,
we have to run 6.6 snapshot on one of our firewall clusters to get in
touch with the new aggr(4) driver. This driver seems to work great
with 6.6 snapshot on a dell pe 470 with intel X710 based quadport
sfp+ nics doing LACP.
We had serious problems with the trunk(4) driver on OpenBSD
On 01.08.19 at 14:55, Joerg Streckfuss wrote:
Hi Misc,
we bought two new Dell PowerEdges R740. Each System has 3 intel X770
based quadport sfp+ nics. Onboard are two further intel i350 based
sfp+ ports.
Correction - Of course I mean 3 intel X710 based quadport sfp+ nics
and two intel x520
Hi Misc,
we bought two new Dell PowerEdges R740. Each System has 3 intel X770
based quadport sfp+ nics. Onboard are two further intel i350 based
sfp+ ports.
The firewalls are running OpenBSD 6.5 stable. To test lacp 802.3ad with
ix and ixl based interfaces I build two trunks which directly
Dear list,
i want to block udp fragments to a specific host while the reassembling is
turned on for all other traffic:
In pf I would write something like this:
# reassemble fragmented packets (default yes)
set reassemble yes
# scrub all traffic
match all scrub (random-id no-df)
# block
Dear list,
i want to know why it is good practice to use /32 netmask for ipv4
respectively /128 netmask for ipv6 addresses on carp interfaces, while using the
"real" netmask for example /24 for a dedicated address on an interface.
Any advice ?
Thanks,
Joerg
On 15.08.2018 at 18:26, Stuart Henderson wrote:
On 2018-08-15, George wrote:
I believe you may be looking for a redirect not a relay. It all really
depends on your network topology and what you are trying to do but in
general something like this is what you are looking at:
For directing
Dear list,
i'm playing around with a squid setup, where the http traffic from a client is
transparently routed from the gateway (openbsd 6.3) to two squid caches (squid
3.5.28). This means the caches are _not_ placed on the gateway.
With PF this is very easy to achieve:
pass in quick on
Hi,
On 30.01.2017 at 18:17, Peter Fraser wrote:
> My /var/log/messages is filling up with messages like the following:
>
> Jan 30 10:28:06 gateway sendsyslog: dropped 4 messages, error 55
> Jan 30 10:28:06 gateway sendsyslog: dropped 2 messages, error 55
> Jan 30 10:28:06 gateway sendsyslog:
Dear list,
i'm in progress in installing 5.6 stable on a Poweredge R730.
This system has a PERC H730 mini raid controller.
The OpenBSD installer aborts with the following message when fdisk
wants read disk geometry:
snip
fdisk: DIOCGPDINFO: Input/output error
fdisk: Can't get disk geometry,
at uhub5 port 1 configuration 1 interface 2 Avocent Keyboard/Mouse
Function rev 2.00/0.00 addr 7
uhidev4: iclass 3/1
uhid at uhidev4 not configured
snap
On 10.03.2015 at 12:27, Joerg Streckfuss wrote:
Dear list,
i'm in progress in installing 5.6 stable on a Poweredge R730.
This system has a PERC
On 07.08.2013 16:20, Christian Weisgerber wrote:
Well, you can either use two NICs on your gateway, one connected
to a vlan1 port on the switch, the other to vlan2. Or you can
set up vlan1 and vlan2 on em0 and connect them to a trunk port on
the switch. This is straight from my home
Okay, I can reproduce the problem.
In the nearly 80 % (by guess value) of cases the relayd stops forwarding
packets in the given situation:
- first the services of the master host go down.
- relayd switches to the backup pool. requests are redirected to the
backup host.
- master host
Hi list,
since an Upgrade to 5.0 of our pf-cluster we encountered connection problems of
one of our webservers under high packet rate. We measured a load of about 6
million and more hits per day. The webserver serves little static content around
a few KByte.
I'm not really sure if this
On 20.07.2011 00:31, Kapetanakis Giannis wrote:
On 19/07/11 20:03, Joerg Streckfuss wrote:
Hi list,
i have the following testsetup with four firewall nodes connected to three
networks:
network A
|--|
|| CARP
Hi list,
i have the following testsetup with four firewall nodes connected to three
networks:
network A
|--|
|| CARP ||
|| ||
+--+--+ +--+--++--+--+ +--+--+
Dear list,
it's just an idea but in times like these where IPv4 addresses are a scarce
resource, i think about the following purpose:
Can it be possible to use the relayd to redirect IPv4 Requests to a IPv6 pool
of Servers?
Regards,
Jörg
Hi list,
we bought two Dell R610 Servers with four built-in Broadcom BCM5709 nics.
Additionally we installed one Intel PRO/1000 QP quad port nic. There are no
problems with the Broadcoms but something strange happens to the Intel nic.
Sometimes, almost always one to two ports of the intel card
On 04.06.2010 13:18, Sevan / Venture37 wrote:
Test a snapshot to see if the issue still exists
Sevan / Venture37
Okay, we tested the newest snapshot but the issue remains.
Any other clue?
Joerg
important interface gets a higher rate than a less important interface.
Probably the ifstated daemon and the demotion counter are the topics to get
around with this.
Does anybody have experience with the demotion counter and ifstated?
Thanks in advance.
Joerg
--
Dipl.-Ing. (FH) Joerg Streckfuss
clusters means two independent rulesets to manage.
I think i will try ifstated with a finite state machine based on ping test
and demotion counter.
--
Dipl.-Ing. (FH) Joerg Streckfuss, Phone: +49 40 808077-631
DFN-CERT Services GmbH, https://www.dfn-cert.de/, Phone +49 40 808077-555
Sitz
On Mon, 10 Nov 2008 17:42:50 +0100,
Jörg Streckfuß [EMAIL PROTECTED] wrote:
Hello,
I'm in the process to setup relayd as a loadbalancer, which will distribute
http request to three webservers. I think this is a really common setup.
I'm using OpenBSD 4.4
this is my config:
snip
Since this is redirect, it should work, providing you don't
configure 10.0.0.1 as an IP address on the loadbalancer itself.
I quite agree. The loadbalancer is configured with IP address 10.0.0.5 (CARP).
Only the directive listen on ... for the redirect in the relayd configuration
uses IP
+0100, Marc Peters wrote:
hi joerg,
you may want to have a look at firewall builder (www.fwbuilder.org). it
can produce rulesets for pf, but you should have a look at the conf
later on and check the ruleset if it fits your needs.
hth,
marc
--
Joerg Streckfuss, DFN-CERT Services GmbH
PGP RSA
.
So is there a better way to handle big rulesets?
Cheers Joerg.
--
Joerg Streckfuss, DFN-CERT Services GmbH
PGP RSA/2048, E0D4BD3F, 90 C3 FB 4A CB D3 20 70 6B 04 47 84 B5 3C 28 8C
hi list.
last night i patched my openbsd-3.8
soekris-box. Everything went fine.
I've got another box for firewalling with
512MB-flash standard setup, but without any
compiler-suite installed. Of course i want to patch this
box as soon as possible. should i copy the complete
perl-files to this box?