On Wed, Oct 24, 2012 at 12:43:12PM -0400, Daniel Ouellet wrote:
Hi,
Just saw a few questions and patch for NAT64 on misc and tech@ and I
am really questioning the reason to be for NAT64 and why anyone in
their right mind would actually want to use this?
To reach v4 only hosts, d'oh?
IN
On Wed, Oct 24, 2012 at 02:43:14PM -0400, Simon Perreault wrote:
What you need to multihome is either BGP or NAT. Exactly as in IPv4.
Nothing has changed. The only new thing with IPv6 is that there's
more bits.
Oh? I have two internet connections plugged directly into my desktop box
at home,
On Wed, Oct 24, 2012 at 02:25:07PM -0400, Kurt Mosiejczuk wrote:
I read about it in the following article earlier this year.
http://www.theregister.co.uk/2012/03/31/ipv6_sucks_for_smes/
Everybody except a few zealots have accepted the fact that NAT will
exist in ipv6 just like v4. The
On Wed, Oct 24, 2012 at 01:21:33PM -0600, Theo de Raadt wrote:
What happens if one of your links goes down for a day?
Do all your ssh sessions to everywhere in the world stay up?
The internet has non-transient traffic, too.
No, I will have to re-start some of them. This is something that
On Wed, Oct 24, 2012 at 01:28:38PM -0600, Theo de Raadt wrote:
Basically to make IPv6 pseudo-multihoming work like IPv4
multihoming, ssh and sshd need to be modified that they can handle a
network break, and re-connect using another address.
I fail to see what any of this has to do with
On Wed, Oct 24, 2012 at 01:43:01PM -0600, Theo de Raadt wrote:
Luckily that is not a problem in ipv4.
I can get IPv6 PI and multihome with v6 as it is just like I used to be
able with v4; now there is no more v4 PI at RIPE. But what does this
have to do with the on-wire protocol again?
Do
On Wed, Oct 24, 2012 at 10:30:21PM +0200, Claudio Jeker wrote:
On Wed, Oct 24, 2012 at 10:12:33PM +0300, Jussi Peltola wrote:
On Wed, Oct 24, 2012 at 02:43:14PM -0400, Simon Perreault wrote:
What you need to multihome is either BGP or NAT. Exactly as in IPv4.
Nothing has changed. The only
You can work around this by pointing a default at your provider, too.
But it is kind of yucky.
On Sat, Jan 07, 2012 at 09:21:35AM +0100, Pete Vickers wrote:
SOO can be used for loop detection, but only if your bgp peerings don't strip
extended communities.
another dirty hack would be to get
of the link. 2) is possible without 1),
assuming that some lower bound of the link speed is known. 1) is
obviously possible without any prioritization at all.
Jussi Peltola
On Sat, Nov 19, 2011 at 08:58:46PM -0500, quartz wrote:
is there a way to set up altq+priq on an internet connection with highly
variable/unknown bandwidth?
I'd like to create a simple one layer queue system that prioritizes empty
ACKs over anything else (always, all the time, no matter the
You can ignore the clueless parts in my previous message :)
I can set up remote access to one of these machines if needed.
This made the ems work again:
--- if_em.c.origWed Nov 9 21:37:39 2011
+++ if_em.c Wed Nov 9 21:39:01 2011
@@ -331,6 +331,2 @@
- /* Only use MSI on the
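Review bot: The hunk is cut off after its first removed line, so the change cannot be reviewed from what is shown; the header "@@ -331,6 +331,2 @@" says four lines are dropped around the "/* Only use MSI on the" comment, and the surrounding messages describe this as backing out the MSI enabling in em(4) on 82571EB hardware. Please repost the full diff with its context lines, and note in the commit message which chips it was verified on, since the later reply points at an Intel erratum (TSO halting transmit) as a possible alternative cause.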
My em(4)'s stopped working with 5.0 - has anyone seen this on 82571EBs?
I'll try backing out the MSO patch.
Perhaps this is related:
ftp://download.intel.com/design/network/specupdt/82571eb_72ei.pdf
Page 22, Errata 7: Device Transmit Operation Might Halt in TCP
Segmentation Offload (TSO) Mode
I had some similar looking problems some releases back. Using a separate
carp if for ipv6 mostly fixed it. Didn't write down the exact problem,
though.
On Sun, Oct 23, 2011 at 12:08:22AM +0200, Jan Stary wrote:
Just out of curiosity, what would be an example
situation for using a machine that simultaneously
(1) acts as a name-server for others
(2) gets its network settings dynamically reconfigured
Any kind of box that is connected to an
I'm lazy.
On Sun, Jul 31, 2011 at 02:16:15PM -0700, David Newman wrote:
2. CARP heartbeat messages use multicast. This means a switch with
dual-stack CARP-attached devices should support not only IGMP snooping
for IPv4 but also MLD snooping for IPv6.
Hmm. carppeer does not seem to like an inet6 address
I have a vlan on top of a vlan on an em. It connects to a remote switch
that requires me to use a specified lladdr.
Everything works just fine if I change the lladdr on em0, or run tcpdump
to switch it to promiscuous mode, but I need another lladdr on the other
vlans.
Setting the lladdr on the
In my experience, the caveat makes using most devices next to
impossible. It is way worse than using 3G data.
I use separate APs. They're usually cheaper and easier to find than
supported cards, anyway.
On Fri, Dec 31, 2010 at 01:36:32AM -0800, S Mathias wrote:
Does anyone have a similar howto on OpenBSD for using private VLANs?
like:
http://blog.ine.com/2008/07/14/private-vlans-revisited/
I just need to separate the clients on Layer 3 or better: on Layer 2.
Each client uses 1 port.
I have heard of multilink PPPoE, which you'd probably have to tunnel in
a gre / gif tunnel if it's not a private adsl link, lowering the MTU
even further...
I've never tried it, it may not work at all, but it might be usable if
the dsl connection in question is not a very wide wan.
The n900 most certainly can run openvpn.
On Wed, Sep 22, 2010 at 08:39:36PM -0300, Nenhum_de_Nos wrote:
On Wed, September 22, 2010 18:56, Luis F Urrea wrote:
On Wed, Sep 22, 2010 at 4:11 PM, Fabio Almeida mente...@gmail.com wrote:
Iptables is ok, until you know PF, after knowing PF you'll never use
Linux, at least for firewalls,
that you can do a regular install on), some kind of QoS
is a must on such an oversubscribed line. It will very likely be
completely unusable without it.
Jussi Peltola
Perhaps it is because you have a /8 netmask on em0.
man hostname.if
Jussi Peltola
a dmesg it is
rather hard to tell what you're trying to accomplish. You should include
at least ifconfig output and hostname.* files, probably also the pf
rules you mention.
Jussi Peltola
Does the machine recover after the loop is gone?
On Fri, Jul 09, 2010 at 01:34:26AM +0200, Floor Terra wrote:
I admit that I'm a bit ignorant here, as I've myself never
administered an SSL web site, but I am not convinced by this: Doesn't
the above just mean that it switches to HTTPS *after* transmitting my
information in the clear? Or
On Fri, Jul 09, 2010 at 02:19:42PM -0700, Matt S wrote:
Given the following:
[internet - DSL Modem - 192.168.0.1]--[bge0:192.168.0.254 - OpenBSD
4.7 - em0:10.40.60.1]--[Laptop - DHCP]
net.inet.ip.forwarding=1
How can I get my laptop to reach the internet? I kind of
Something like http://zakalwe.fi/~shd/foss/pmr/ might work
Search the archives.
On Sat, Jun 12, 2010 at 10:53:52AM +0200, E.T wrote:
* Nick n...@holland-consulting.net [2010-06-11 12:55]:
If you want low power consumption and low cost, I'd suggest a small
PIII or Celeron based system, hard to beat for the price (usually,
free!). IF the new, cool stuff has any real
reply-to
On Mon, May 24, 2010 at 09:56:45PM -0700, J.C. Roberts wrote:
Since most providers have bandwidth caps measuring all network
traffic, preventing your system from connecting when it doesn't need to
be connected is fairly important. Unlike the old POTS (land line)
modems, these new mobile data
On Fri, May 21, 2010 at 10:45:01PM -0500, Marco Peereboom wrote:
I've lost 3 due to washing...
I've revived many with a toothbrush and alcohol.
It's not the water, but all of the stuff that deposits on the thing.
Still, just take the backups...
On Fri, May 21, 2010 at 12:22:10AM +0200, Reyk Floeter wrote:
Linux's bonding module has an arp monitor which solves some of these
problems, but the implementation is so hackish (as usual there...) that
I'd rather not use it in production. arping and ifstated might do the
same on openbsd,
a reliable switch with a
redundant power supply or connect the single one to a good UPS)
However, if you need to ask if you can run a trunk on top of a carp, do
yourself a favor and use a single switch. There will be less downtime.
Jussi Peltola
On Thu, May 20, 2010 at 08:17:48PM +0200, Henning Brauer wrote:
I have two identical core switches in one (not really so critical at
all) place running OSPF, with a bunch of routers connecting to both
switches for redundancy. Works pretty well and there has even been a
config reset
I do this too. In addition to the previously mentioned problems with
cheap switches losing their configs (and vlans) you should make sure the
active interfaces are all on one switch so that the link between them
isn't uselessly used; this will also avoid an unpleasant split brain
event if that
On Sun, May 09, 2010 at 01:59:16AM +0300, Sviatoslav Chagaev wrote:
Hello,
I have the following network configuration:
$ext_if -- wired interface, connected to my ISP's network, with a real
IP address, visible from the Intertubes.
$int_if -- wired interface, to which comps on my home
On Thu, May 06, 2010 at 11:55:58AM -0700, Jeff Powell wrote:
All this works just fine until I try to put another server on the public net.
When I point that server's gateway at the public IP of the router ($IntIF),
it's blocked by the NAT. I understand that this is NAT doing its job by
.
Current day email just is not secure. It's no use trying to pretend
otherwise.
Jussi Peltola
On Wed, May 05, 2010 at 07:27:46PM +0100, Kevin Chadwick wrote:
Of course, if it's your mail server and clients you can use IPs without
DNS, have certificates tied to those IPs and even block or monitor resets,
none of which can be done with STARTTLS, and it is also a smaller window
of
. Their presence fucks up the net.
Could you stop spewing this on m...@? This is not Lars's-little-soapbox@
and your opinions of all kinds of proprietary products have nothing to
do with OpenBSD. The fact that the rest of this thread is almost as
irrelevant is not a good excuse.
Jussi Peltola
Yes, yes. Polarized insults and yet more preaching... and PHP, give me a
break.
How can you use Gmail? Or is closed source SaaS suddenly OK? Why would
hosted sharepoint be any different?
Also, could you translate these sentences into English? I'm having
serious problems parsing them.
It's wrong
On Sat, Apr 10, 2010 at 12:38:25PM +0200, Mats-Göran Karlsen wrote:
-rw-r- 1 root wheel 390 Jul 13 18:30 rc.transmission
it's not executable
The following is appended to /etc/rc.conf
use rc.conf.local
will probably lead to someone screwing up (and I don't
want to be the sole person able to do day to day operations on these
things...)
Thanks
Jussi Peltola
On Mon, Mar 15, 2010 at 08:02:50AM -0400, Steve Shockley wrote:
If you do take it apart, make sure you have some heatsink grease
on-hand, as the factory stuff may look (and function) like dried
toothpaste. Don't spend extra on special grease, it doesn't really
make a difference.
You are trying to do something evil by making a bridge pretend it is the
host on its other side. Do not do that. Just fix the upstream firewall
to pass the management traffic you need to the box.
127.0.0.1 shouldn't arrive on a non-loopback interface. If you wanted to
try to do this kind of silly
On Tue, Feb 23, 2010 at 10:10:16PM +0800, Edwin Eyan Moragas wrote:
hi misc,
i have two outgoing DSL connections using PPPoE.
i've read about mpath in the FAQ (together with ifstated(8)) and
scoured the PF examples but i haven't found any straightforward
examples using PPPoE.
any
The input should be capacitively coupled, so even if your mic has a DC
offset it shouldn't matter. Either the capacitor is leaky or the ADC is
broken. It could be a driver weirdness but that sounds unlikely.
If you don't mind losing the few bits of dynamic range, you can just
remove the DC
On Sun, Feb 21, 2010 at 08:26:44PM +1000, David Gwynne wrote:
i hate to bring this up, but if you have cisco gear with dhcp snooping enabled
you can enforce this on the switch.
That's probably also the only reasonable place to do it. Thankfully it's
not only cisco that does that nowadays.
Just put your data on some funny port, then? Or give it a long and hard
to guess name, that might actually have sufficient entropy to be any
use.
A less-than-16-bit random port is rather easy to guess.
And, if you really want to do port blocking, read the pf man page. It is
possible with a rule
On Sun, Feb 14, 2010 at 02:36:56PM +0100, Claudio Jeker wrote:
I would install a default blackhole route like this:
route add default -blackhole 127.0.0.1
Hmm, why not -reject? To avoid error messages while the routes are not
yet installed in the kernel?
On Sun, Feb 07, 2010 at 10:10:22PM -0500, Nick Holland wrote:
With all this talk about power reduction...I'm going to toss out one
small suggestion:
Get a Wattmeter, and measure... Don't waste your time speculating.
An ammeter and high school physics V*A=Watts doesn't cut it for AC
(in
On Mon, Feb 01, 2010 at 04:54:49AM +, Jacob Meuser wrote:
On Mon, Feb 01, 2010 at 05:57:11AM +0200, Jussi Peltola wrote:
On Mon, Feb 01, 2010 at 02:35:54AM +, Jacob Meuser wrote:
yeah, but wasn't the original issue that started this thread was that
the locate database was too old
http://www.gossipgamers.com/pokemon-redesigned-in-traditional-japanese-style-artwork/
On Sat, Dec 26, 2009 at 09:07:13AM -0600, Chris Bennett wrote:
SMART is not the final word.
True
Try running badblocks from e2fsprogs.
Neither is badblocks
Be sure you use it correctly. You will need the partitions unmounted for it
It's rather hard to prove a disk isn't broken; a program
State. Blocking outgoing traffic will not prevent replies being allowed
out.
On Fri, Dec 18, 2009 at 02:51:34PM +0700, Edho P Arief wrote:
can you please enlighten me on why that's a bad thing?
Filling up / can be more annoying than filling up /usr.
It's better to make sure your mounts work and not try to work around
broken systems, though.
Check that another pass rule later in the file is not overriding it.
Maybe try with quick.
This is just silly. If you make a firewall distribution to promote
OpenBSD instead of making a firewall distribution, your source of
motivation is wrong.
OpenBSD is free software. You are completely free to use it as a basis
for your firewall distribution.
The project, on the other hand, does
I've seen my share of broken WaveLAN cards and AP-2000 power supplies.
Still, the new crappy WLAN devices probably have 10 times the failure
rate and don't work too well even when not broken...
IME even with newer hardware, leaving it open and using IPSec, openssh
etc. will be less painful. WPA
On Sat, Dec 05, 2009 at 12:44:42PM -0800, rhubbell wrote:
On Sat, 5 Dec 2009 15:28:09 -0500
STeve Andre' wrote:
mostly a waste of time, except for the educational aspects of what not
to do.
Thanks for the nice story. I get a kick out of how far folks here go out
of their way not to
Try setting srcid and dstid manually (I used FQDNs and pubkeys to make
it work, didn't succeed with IP addresses); you might also try testing
with a PSK to eliminate one part of the equation.
On Tue, Dec 01, 2009 at 06:17:32AM -0500, stan wrote:
On Mon, Nov 30, 2009 at 11:29:00PM +0200, Jussi Peltola wrote:
Not knowing your network I can only guess you don't want to mix CARP and
OSPF on the outside interfaces. OSPF will handle the fail-over.
CARP interfaces listed
This is normal. The Linkstate column shows the CARP state, and the
interface is passive so it is DOWN - you do not run OSPF on it so there
are no neighbors.
This works for me:
# NB: if a carp address is the lowest IP you will get duplicate
# router-id's - maybe ospfd should ignore CARP interfaces when selecting
# the host id?
router-id 1.2.3.4
area 0.0.0.0 {
interface gif0 { } # link to another site
interface gif1 { } # link to
Not knowing your network I can only guess you don't want to mix carp and
OSPF on the outside interfaces. OSPF will handle the fail-over.
CARP interfaces listed in ospfd.conf as passive will just work and get
advertised in OSPF when they are master.
You probably don't want redistribute connected;
Insufficient data.
What are you going to do with it?
On Tue, Nov 10, 2009 at 11:18:57AM -0700, Theo de Raadt wrote:
If you want to never lose data, you have an option. Make the filesystem
synchronous, using the -o sync option.
If you can't accept the performance hit from that, then please accept
that all the work done over the ages is only on
allows you to position the APs
optimally. If you need to drive to change the broken AP, buy a more
expensive one and hope for the best.
Ignore WLAN security if you can and use IPSec or something similar
that is truly secure and not a pain in the butt.
Jussi Peltola
The card's inputs probably work only one at a time. You would also need
some interesting post-processing to merge 3 streams of RGB captured
separately, and lack of sync would probably make it not work very well.
VHS has so little bandwidth that using composite video is just fine.
Don't fuss about
How about re-scheduling it so it wakes you up in the morning at the
right time :)
How about trying it? Our crystal ball is unfortunately not able to
predict your traffic patterns.
50mbps sounds very little for a modern box running openbsd. I can get
20mbps over IPSec on an ALIX...
Jussi Peltola
On Wed, Oct 14, 2009 at 01:14:00PM -0500, Sergio Andrés Gómez del Real wrote:
Thanks for the reply.
Indeed, I use usb_modeswitch under Linux, it is, however, quite just
for Linux, cause it reloads a certain kernel module. With GENERIC
kernel, usb_modeswitch does not even recognize the
On Wed, Sep 16, 2009 at 08:22:19PM +, Stuart Henderson wrote:
On 2009-09-16, Peter Kay - Syllopsium syllops...@syllopsium.com wrote:
At the risk of a flaming, sysmerge is also a pain in the arse. Once you
know how to use patch files and diff properly I'm sure it is absolutely
On Sun, Sep 13, 2009 at 03:35:04PM +0200, Maurice Janssen wrote:
The NFS-server is an embedded device (Netgear NAS). Unfortunately I
can't set the +5 on the shutdown command...
Then there's probably no way to mount the NFS server's FS's sync? That
could be enough if all processes that need
On Sat, Sep 05, 2009 at 05:37:58AM -0600, Anathae Townsend wrote:
match out on external from mynetwork to any nat-to (external) round-robin
IIRC it's been that way as long as I can remember, if you only have one
address round-robin doesn't really do anything.
--
Jussi Peltola
I'd suggest running ospf over pointopoint links (gif/gre, on ipsec if
desired) instead of faking a layer 2 backbone where there isn't one.
--
Jussi Peltola
, they are not you. Logging these should
be interesting, too.
* Probably also: packets not addressed to you from your ISP
[1] I once managed to send packets from an RFC1918 address through two
AS's to my home DSL line. Don't trust your ISP, do your own
filtering.
--
Jussi Peltola
/Privileges/Drop.pm
--
Jussi Peltola
It makes no sense to try to bridge ethernet over ppp. You need to route,
not bridge.
, low pulse that you can't easily hear. Surely not something
you can fix without physically poking the hardware, though probably not
very difficult if the noise is really annoying.
--
Jussi Peltola
But even measuring the ripple with a scope won't guarantee it's OK.
Swapping out all of the hardware is sometimes the only way to find out.
Same goes for memtest86+: it can prove it's broken, but if it doesn't
find problems it doesn't guarantee there are none.
--
Jussi Peltola
On Fri, Jun 26, 2009 at 09:57:51PM +0530, Siju George wrote:
I am wondering why this has increased in the near future :-(
--Siju
Maybe you should stop sending more of it
much :)
--
Jussi Peltola
On Fri, Jun 05, 2009 at 04:11:39PM -0400, Joe Gidi wrote:
Also, the machine has no serial port, so I can't try the serial console
trick.
It does, but you need the port replicator to access it. Maybe you can
find one you can borrow.
--
Jussi Peltola
money for making the internet links redundant.
--
Jussi Peltola
I'd rather run pfsync in its own vlan than over a realtek card. It's
probably not any slower (what could be slower than a realtek...) and
it's not really any less reliable (what use is pfsync if your business
network goes down?)
On Sun, May 24, 2009 at 02:49:53PM +0200, Martin Schröder wrote:
2009/5/24, Stuart Henderson s...@spacehopper.org:
The P (Private) suggests some kind of privacy.
MPLS is well suited to the task as it provides traffic isolation and
differentiation without substantial overhead.
Doesn't
Depends on the db9-rj45 adaptor, some need a rollover cable, some a
straight one. Try it.
Many (probably 50%) of RJ11 4-wire telephone cables were crimped wrong
by the factory and are in fact roll over cables (RJ11 fits in RJ45,
but you need 4 wires, 2 won't work).
Saved me some from hair loss one sunday far away from everything.
--
Jussi Peltola
good.
Small switching supplies like the ones for Soekris etc. can be pretty bad.
Linear supplies will also be far from 1.
--
Jussi Peltola
that sounds like it's going to take off until the fan
fails after a year... let alone the icky hardware with driver pains.
--
Jussi Peltola
On Mon, Apr 06, 2009 at 06:57:56PM -0500, Abel Camarillo wrote:
Personally I believe that HP printers are they only thing that doesn't
suck.
I have had a very cheap HP printer for the last 8 years without any
problems (a very cheap Inkjet).
I can agree with that they didn't suck 8 years
data sounds pretty slow
especially since it's latency sensitive
--
Jussi Peltola
interesting differences. I wish I could
just put my PCBs through a laser printer and etch away...
--
Jussi Peltola
with windows broadcasts storming in...
General ideas on securing ethernet are also welcome (I don't really like
the idea of having separate servers sharing a subnet, either - and we
had a discussion about the wrong solutions a while ago.)
--
Jussi Peltola
anyway.
--
Jussi Peltola
On Sat, Mar 14, 2009 at 12:50:17PM +0200, Eugeni Akmuradov wrote:
In that situation what are the possibilities?
Install the X sets. Search the archive before you start moaning and
making an idiot of yourself, this question pops up in various forms once
a week.