My apologies for just being noise; I missed his first full post with
much more detail. I was picturing him trying to run redundant servers
without CARP and running into issues of states disappearing.
On Wed, 03 Jul 2013 07:00:02 -0500, Loïc Blot
loic.b...@unix-experience.fr wrote:
Hello,
no carp is used at this time.
pfsync needs to be used with carp... without it you're just playing
whack-a-mole with your session table.
On Wed, 03 Jul 2013 07:40:08 -0500, Loïc Blot
loic.b...@unix-experience.fr wrote:
It's not possible to sync pf table without CARP ?
In order to answer that I'll need to understand what you believe the pf
table is.
On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot
loic.b...@unix-experience.fr wrote:
For me pf table is (sorry for the missing precisions) the pf state
stable for stateful operations
First of all, the states of node 1 being synced to node 2 and vice versa
is worthless because they have
This just seems like a bad troll. What high-end CAD product (or any
commercial CAD product) runs natively on OpenBSD?
Yes, it's in the man page for pf.conf. Search for user.
On Tue, 19 Feb 2013 18:18:54 -0600, Matthias Appel
appel.matth...@gmail.com wrote:
If I buy a car, and don't know how to operate it, and cause harm, nobody
would blame the manufacturer.
You of course need a license / permit to operate that car legally. That
process also teaches you how
On Wed, 20 Feb 2013 17:41:20 -0600, patrick keshishian
pkesh...@gmail.com wrote:
Privilege vs right discussions are way too off topic here. That said,
you are falsely assuming people with government endorsed licenses do
the right thing. Get serious.
Licensed drivers aren't perfect but they
On Mon, 14 Jan 2013 09:02:54 -0600, Florenz Kley f...@well.com wrote:
is anyone here using a SunFire V215?
http://www.openbsd.org/sparc64.html says it's a supported machine.
I'd be grateful for your observations if you run such a machine, I'm
considering to get two to run a firewall cluster.
On Wed, 2 Jan 2013 13:39:25 +0100
Toni Mueller openbsd-m...@oeko.net wrote:
A: 5.1 (IPv4: master)
B: 5.0 (IPv4: backup)
C: 5.2 (IPv4: master, IPv6: backup)
Didn't the CARP protocol change between these releases? I don't think it's
compatible. I'm sure someone else will chime in with the
On Thu, 1 Nov 2012 20:49:39 +0100
Jan Stary h...@stare.cz wrote:
After cleaning my spamdb on the first of last month,
I see that there are 572 WHITE hosts now.
Only a handfull of those are legitimate (my mailserver
is very low traffic, basically just mail for my family).
Looking at the
On Wed, 24 Oct 2012 15:33:55 -0400
Simon Perreault sperrea...@openbsd.org wrote:
I'm going to wait a long time for a firmware update that makes my
IPv4-only printer speak IPv6.
My brother wifi printer from... 5 years ago?? supports ipv6. Sometimes I enable
it and publish it in IRC and see
On Wed, 01 Aug 2012 15:55:36 -0500, Tobias Ulmer tobi...@tmux.org wrote:
After watching, you may understand why he's writing his own stuff
instead of using the awesome PulseAudio.
I really hope you're using the word awesome in an ironic / sarcastic way
That's odd... I swear my wife's macbook has had functional IPv6 for quite
a while... unless the recent Lion update nuked it and I didn't notice?
Please report your findings -- I'd love to fix this at home if it's broken.
On Fri, 22 Jun 2012 17:34:39 -0500, Paul de Weerd we...@weirdnet.nl
wrote:
It makes renumbering easier is a very poor argument. Renumbering is
just as easy wether you use /64s or /126s. Simply replace the first
64 bits and .. tadaa.wav .. you've renumbered.
I can't seem to grasp why
On Thu, 21 Jun 2012 20:00:17 -0500, Daniel Ouellet dan...@presscom.net
wrote:
You cold read the RFC 5375 for example, or a few more like 4291, 3587,
and other like it.
Interesting. RFC 6547 moves Use of /127 Prefix Length Between Routers
Considered Harmful (RFC 3627) to Historic status
On Fri, 22 Jun 2012 08:38:04 -0500, Simon Perreault
simon.perrea...@viagenie.ca wrote:
This is ridiculous. You should be allocating all your PtP links out of a
single prefix protected by an ACL at your border. All packets to the PtP
prefix need to be dropped. You should be doing this no
On Thu, 21 Jun 2012 16:34:51 -0500, Ryan Kirk rjk...@gmail.com wrote:
In my limited experience with ipv6, this has been the case. The
provider has you on a /64 of their own (not part of your /48), so your
WAN interface would have one of their IP's on it, and they should tell
you exactly what it
On Thu, 21 Jun 2012 17:28:05 -0500, Michael Lambert mhlamb...@gmail.com
wrote:
There is a school of thought that says point-to-point links should be
allocated /64s, just like LAN subnets. Not everyone agrees. I like
/120s to
keep things octet-aligned for reverse DNS.
I was under the
On Thu, 21 Jun 2012 18:39:24 -0500, Rod Whitworth glis...@witworx.com
wrote:
It is not a school of thought - it is how it is. I have seen one /126
out in the wild but it is very lonely.
I work at an ISP/datacenter. We use /126s for the link net. Handing out
/64's because you can is stupid
On Thu, 21 Jun 2012 20:00:17 -0500, Daniel Ouellet dan...@presscom.net
wrote:
Have fun, but please read the RFC and don't suggest assignment based on
school of thought. Try to do it right from the start and save you pain
down the road now.
The number of customers asking for IPv6 right
On Tue, 22 May 2012 08:59:28 -0500, Matthew Weigel uni...@idempot.net
wrote:
To be clear, they are probably different people; it just amused me.
Conspiracy Theory: He called it MicroEvil so when you Google his name and
Microsoft an OpenBSD thread doesn't show up which is not really going
On Wed, 25 May 2011 14:26:08 -0500, Amit Kulkarni amitk...@gmail.com
wrote:
all bugfixes go in current and only serious bugfixes or outright
security breaches are backported to the current release and current
release-1 branches, this is in the FAQ
Is there a reason why an OSPF update
Theo, come on man... I really don't understand the hostility here. My goal
here is not to get people worked up. I understand you get harassed a lot
and people constantly beg for this and that, but I just wanted
clarification as I have seen no strict guidelines on what actually becomes
Claudio,
It was not possible to send out LS updates larger then the MTU.
Change the code in such a way that single huge LSA get fragmented
but avoid IP fragmentation when packing multiple ones.
Problem found and fix tested by Benjamin Papillon.
If I understand this correctly, there was an
On Sun, 15 May 2011 16:10:21 -0500, Andreas Bartelt o...@bartula.de
wrote:
Is there a way to do this correctly via /etc/hostname.gif0 ?
Best regards
Andreas
Not sure if this helps, but as far as I know this is the way you're
supposed to do it for a 6to4 tunnel:
Sanitized, but you'll
You're missing the point.
I don't see what your point is at all. The whole time you've been asking
for block level encryption that is cross platform instead of addressing
why using an encrypted archive for transportation is not sufficient. This
should cover 99% of your needs. If you have
On Wed, 16 Mar 2011 13:30:21 -0500, R0me0 *** knight@gmail.com wrote:
Please, someone can indicate the right direction to resove this ?
The first step in troubleshooting this is checking the switch or router
your OpenBSD machine plugs into. Make sure you set the duplex on both the
On Wed, 16 Mar 2011 16:29:13 -0500, R0me0 *** knight@gmail.com wrote:
The structure is :
OBSD 1-AP-AP___APAP--OBSD2**
|___ AP 2 and 3 are linked
with Cable ( Ubiquiti *Rocket M5 ) four AP's
Can you
On Mon, 14 Mar 2011 02:56:09 -0500, Gregory Edigarov
g...@bestnet.kharkov.ua wrote:
Not really sure (claudio@ will certainly correct me), but I know that
OpenBGPD in FreeBSD's ports is never fresh enough. And there was
changes afecting the behaviour of OpenBSD's version.
So I think you
On Mon, 14 Mar 2011 14:46:28 -0500, Stuart Henderson s...@spacehopper.org
wrote:
Make sure your nexthops are valid: bgpctl sh nex
I worked with my coworker on it this afternoon and he discovered the
nexthops issue. We have resolved the problem for now.
Out next step is to figure out how
Hi all,
I work at an ISP and we are very interested in running OpenBGPD on the
edges talking to our transport routers. They won't be routing traffic, but
really just act as an internal BGP cache. Right now our Cisco equipment is
not pulling its weight. When we have flaps with an upstream
Iptables allows me to rewrite the address of outgoing traffic. PF does
not allow this functionality. Is this a missing/broken feature, or is
there a reason why this is not allowed?
Example: I absolutely need traffic sent to 10.10.10.10 to be rewritten
to 192.168.1.1. There is no way around it, it
I completely understand what you're doing there, but that isn't what I'm
trying to do. Perhaps I'll give you a simple scenario that shows how to
make my needs easier to understand.
My home network is 192.168.1.0/24. A host on my network is
192.168.1.10. There is NO host at 192.168.1.200.
I want
34 matches
Mail list logo