under a linux vm with squid-2.7, configuration
works .. then, maybe is a problem with my transparent proxy configuration??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
On 06/16/2012 12:24 PM, carlopmart wrote:
Hi all,
I have setup a bridge between two interfaces in a pair of OpenBSD fws.
This bridge needs to use an IP address and a carp interface to act as a
gateway for two physical nets using same network range, but it doesn't
works.
My config:
/etc
::250:56ff:fe16:8fb1
to any prio 0
@15 block drop quick inet6 all
I can see how packets flows vi em7 interface but not in em6, and in em6
are blocked by rule 13 (antispoof rule)...
What am I doing wrong??
--
CL Martinez
carlopmart {at} gmail {d0t} com
On 06/09/2012 12:56 PM, Alexandre Ratchov wrote:
On Sat, Jun 09, 2012 at 12:36:19PM +0200, carlopmart wrote:
On 06/09/2012 12:21 PM, Alexandre Ratchov wrote:
On Sat, Jun 09, 2012 at 11:48:29AM +0200, carlopmart wrote:
Hi all,
How can I disable sndiod process?? I have configured under
On 06/10/2012 11:41 AM, Eric Furman wrote:
Stop reading HOWTOS on the Internet.
Read an actual book on UNIX.
(UNIX not Linux. there is a difference)
(GNU is not UNIX)
(No truer words have been spoken)
This stuff is UNIX 101.
Because it is UNIX 101 is the reason the replies
you have gotten are
On 06/10/2012 10:46 AM, Richard Toohey wrote:
On 10/06/2012, at 8:25 PM, carlopmart wrote:
On 06/09/2012 12:56 PM, Alexandre Ratchov wrote:
On Sat, Jun 09, 2012 at 12:36:19PM +0200, carlopmart wrote:
On 06/09/2012 12:21 PM, Alexandre Ratchov wrote:
On Sat, Jun 09, 2012 at 11:48:29AM +0200
On 06/10/2012 12:45 PM, Tomas Bodzar wrote:
On Sun, Jun 10, 2012 at 11:50 AM, carlopmartcarlopm...@gmail.com wrote:
On 06/10/2012 10:46 AM, Richard Toohey wrote:
On 10/06/2012, at 8:25 PM, carlopmart wrote:
On 06/09/2012 12:56 PM, Alexandre Ratchov wrote:
On Sat, Jun 09, 2012 at 12:36
). Or not?
No, it is not normal to assume that things are the same as six years ago.
(But in this case they are: use rc.conf.local instead.)
Correct, but I didn't expect this type of change in rc.conf ...
--
CL Martinez
carlopmart {at} gmail {d0t} com
question about a config file ... nothing more ...
--
CL Martinez
carlopmart {at} gmail {d0t} com
Hi all,
How can I disable sndiod process?? I have configured under rc.conf:
sndiod_flags=NO
but every time host is rebooted, sndiod starts ... Why??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
may have aucat_flags in rc.conf.local that override
your non-standard changes.
But there is not options for aucat_flags under rc.conf ... or maybe I
only need to put under rc.conf.local aucat_flags=NO??
--
CL Martinez
carlopmart {at} gmail {d0t} com
On 06/09/2012 12:21 PM, Alexandre Ratchov wrote:
On Sat, Jun 09, 2012 at 11:48:29AM +0200, carlopmart wrote:
Hi all,
How can I disable sndiod process?? I have configured under rc.conf:
the recommended way to disable it by adding:
sndiod_flags=NO
in /etc/rc.conf.local
sndiod_flags
On 11/11/2011 03:48 AM, Nick Holland wrote:
On 11/10/11 14:49, carlopmart wrote:
Hi all,
is it possible to work under OpenBSD with disk volumes?? Like in linux
world does LVM... If not, how can I expand/resize a disk partition??
In the way LVM or Veritas products or some other systems do
On 11/11/2011 03:40 PM, Nick Holland wrote:
On 11/11/11 04:34, carlopmart wrote:
On 11/11/2011 03:48 AM, Nick Holland wrote:
[bla bla bla]
Thanks Nick. growfs suites my needs. Is this the correct procedure??
http://wiki.arpnetworks.com/wiki/ResizeOpenBSDRootFilesystem
the correct
Hi all,
is it possible to work under OpenBSD with disk volumes?? Like in linux
world does LVM... If not, how can I expand/resize a disk partition??
--
CL Martinez
carlopmart {at} gmail {d0t} com
Hi all,
Maybe it is a stupid question, but I didn't found response ... can I
configure LRO (Large Receive Offload) and GRO (Generic Receieve Offload)
params under OpenBSD like ethtool does in linux world??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
fault. Sorry.
--
CL Martinez
carlopmart {at} gmail {d0t} com
can
also provide those if desired.
ESXi 3.5?? Can you test with ESXi 4 U2??
--
CL Martinez
carlopmart {at} gmail {d0t} com
this is not possible with a machine having only one
NIC.
Any ideas on recommendation on how to achieve this?
Regards,
ML
Place another OpenBSD box on the DMZ area with greylisting tasks ... On
the OpenBSD firewall side, do only packet filtering ...
--
CL Martinez
carlopmart {at} gmail {d0t} com
SATA controller, disk
performance is horrible. In this ESXi 5 server I use another box with
RHEL6 installed acting as an iscsi server and all works very very well ...
Bye.
--
CL Martinez
carlopmart {at} gmail {d0t} com
carlopmart {at} gmail {d0t} com
Hi all,
Will be vmware pv_scsi driver disk supported on OBSD 4.9??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
On 11/24/2010 02:36 PM, SJP Lists wrote:
On 24 November 2010 19:34, SJP Listssjp.li...@flashbsd.net wrote:
On 24 November 2010 01:12, Brad Tilleyb...@16systems.com wrote:
carlopmart wrote:
Advantages are very clear for me: provisioning, administration tasks,
etc ... But I will to know
disadvantages. What is your opinion from the point of view of security?
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
like OpenBSD.
If you configure some pf rules, you are doing firewalling ... In this case you have
all network stack except layer 1, correct??
--
CL Martinez
carlopmart {at} gmail {d0t} com
On 11/23/2010 01:48 PM, carlopmart wrote:
On 11/23/2010 01:42 PM, Bret Lambert wrote:
Because you're still relying on your host's network stack, you aren't
actually firewalling it.
Uhmm .. I am not sure about this. For example: you can configure several virtual
bridges under a ESXi host
On 11/23/2010 02:30 PM, Timo Schoeler wrote:
thus carlopmart spake:
On 11/23/2010 01:48 PM, carlopmart wrote:
On 11/23/2010 01:42 PM, Bret Lambert wrote:
Because you're still relying on your host's network stack, you aren't
actually firewalling it.
Uhmm .. I am not sure about
On 11/23/2010 02:33 PM, Jim Razmus wrote:
* carlopmartcarlopm...@gmail.com [101123 08:22]:
On 11/23/2010 01:48 PM, carlopmart wrote:
On 11/23/2010 01:42 PM, Bret Lambert wrote:
Because you're still relying on your host's network stack, you aren't
actually firewalling it.
Uhmm .. I am
level?? At logical level I can configure a virtual
bridge on this interface and apply firewall rules. Physically, impossible, obvious.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Hi all,
I am trying to find some info to boot an openbsd from a SAN (iSCSI). Is it
possible with the latest openbsd release?
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Aaron Mason wrote:
On Wed, Dec 2, 2009 at 8:44 AM, Robert rob...@openbsd.pap.st wrote:
On Tue, 01 Dec 2009 19:30:27 +0100
carlopmart carlopm...@gmail.com wrote:
Hi all,
I am trying to find some info to boot an openbsd from a SAN
(iSCSI). Is it possible with the latest openbsd release
Stuart Henderson wrote:
On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
Matthew Dempsky wrote:
On Thu, May 7, 2009 at 1:47 PM, carlopmart carlopm...@gmail.com wrote:
Which is that sysctl param Stuart??
net.inet.ip.multipath
See http://www.openbsd.org/faq/faq6.html#Multipath
I have
Uptime
r...@obsdfwint:~#
Is this configuration correct? Why can't I establish my default routes with
multipath using ospfd? Or I am wrong and only I can use multipath+route to with
pf.conf??
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
carlopmart wrote:
Hi all,
I am trying to establish default routes on an openbsd firewall using
ospfd instead of use multipath+route to param under pf.conf without luck.
My topology is:
Internet --- ExtFw1
Stuart Henderson wrote:
On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
Hi all,
I am trying to establish default routes on an openbsd firewall using ospfd
instead of use multipath+route to param under pf.conf without luck.
My topology is:
Internet --- ExtFw1
more
accurately about using OSPF I think that ospf only provides active/passive
default routes. Am I correct???
On Thu, May 7, 2009 at 3:40 PM, carlopmart carlopm...@gmail.com wrote:
Stuart Henderson wrote:
On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
Hi all,
I am trying
Stuart Henderson wrote:
On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
Stuart Henderson wrote:
On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
Hi all,
I am trying to establish default routes on an openbsd firewall using ospfd
instead of use multipath+route to param under
Matthew Dempsky wrote:
On Thu, May 7, 2009 at 1:47 PM, carlopmart carlopm...@gmail.com wrote:
Which is that sysctl param Stuart??
net.inet.ip.multipath
See http://www.openbsd.org/faq/faq6.html#Multipath
I have setup this param previously ... And I think I have found the problem. I
am using
ropers wrote:
carlopmart wrote:
How can I establish a time range and timeout for an authpf rule?
For example I will to permit access from my windows servers access (previous
ssh authentication) to windowsupdate servers from 10:00 am to 13:00 am
and block this traffic if any connection
openbsd firewall (with a snort IDS to control traffic
content) configured as a bridge between DMZ servers and iSCSI servers ..
Any other solution??
Many thanks for your help.
--
CL Martinez
carlopmart {at} gmail {d0t} com
carlopmart wrote:
Hi all,
How can I establish a time range and timeout for an authpf rule? For
example I will to permit access from my windows servers access (previous
ssh authentication) to windowsupdate servers from 10:00 am to 13:00 am
and block this traffic if any connection
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On
Behalf Of carlopmart
Sent: Friday, December 12, 2008 1:30 PM
To: openbsd misc
Subject: Re: Setting time range and timeout for authpf rules
carlopmart wrote:
Hi all,
How can I establish a time range and timeout
minutes.
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
have tested rules using hfsc and cbq and all results are the same. Every tcp or
udp service consumes all bandwidth.
I have attached my pf.conf
Many thanks to all and sorry for my poor english.
--
CL Martinez
carlopmart {at} gmail {d0t} com
# $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04
match/rule analysis.
many of the views from pftop are also available in systat
(in the base OS) these days.
see systat queues, systat rules, systat pf etc.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Hi all,
Somebody knows how can I enable ipv6 in only one interface?? How can I do?? I
have an openbsd 4.3 server with 6 interfaces and I need to setup ipv6 only in
one interface to test some services.
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
need to deploy these infraestructure as soon as possible.
Many thanks for your help.
--
CL Martinez
carlopmart {at} gmail {d0t} com
interested on this ... any hints???
--
CL Martinez
carlopmart {at} gmail {d0t} com
-virtualized domU xen kernel
included on next OpenBSD release (4.3?) or not?? I only want to know this...
Many thanks to all.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Chris Kuethe wrote:
On 10/24/07, carlopmart [EMAIL PROTECTED] wrote:
Dear sirs please: I will return to my original question. I just wondered if xen
will be included into the OpenBSD's kernel to act as a para-virtualized DomU or
not. Nothing more. I will not go into issues of the type
Christoph.
--
CL Martinez
carlopmart {at} gmail {d0t} com
. The reality is
that NetBSD long ago that can be installed and run as domU and OpenBSD not.
And my question is why?? i think that only one developer can't maintain this
type of code ... needs more help. I am not developer but i can do tests if you
needed
--
CL Martinez
carlopmart {at} gmail
). But if it is not possible, I will migrate to NetBSD ...
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Hi all,
How can I encrypt a whole partition with OpenBSD 4.1 or 4.2-current??
I only info about encrypt image files and not partitions
many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Guillaume Duali wrote:
Hello,
perhaps this HowTo will help you ?
http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto
See you :)
Guillaume.
---
carlopmart a icrit :
Hi all,
How can I encrypt a whole partition with OpenBSD 4.1 or 4.2-current??
I only info about encrypt image
Jacob Yocom-Piatt wrote:
carlopmart wrote:
Guillaume Duali wrote:
Hello,
perhaps this HowTo will help you ?
http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto
See you :)
Guillaume.
---
carlopmart a icrit :
Hi all,
How can I encrypt a whole partition with OpenBSD 4.1
carlopmart wrote:
Stuart Henderson wrote:
On 2007/07/20 13:20, carlopmart wrote:
Stuart Henderson wrote:
On 2007/07/20 11:02, carlopmart wrote:
This is my third post about problems with OpenBSD 4.1 during last
two months ...
Yes, and someone replied with a PR (5508) they'd opened about
.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Stuart Henderson wrote:
On 2007/07/20 11:02, carlopmart wrote:
This is my third post about problems with OpenBSD 4.1 during last two
months ...
Yes, and someone replied with a PR (5508) they'd opened about it.
It's fixed already - src/sys/net/if_pfsync.c 1.83.
Maybe the question to ask
Stuart Henderson wrote:
On 2007/07/20 13:20, carlopmart wrote:
Stuart Henderson wrote:
On 2007/07/20 11:02, carlopmart wrote:
This is my third post about problems with OpenBSD 4.1 during last two
months ...
Yes, and someone replied with a PR (5508) they'd opened about it.
It's fixed already
Jens Mayer wrote:
Dear all,
sorry to break the thread, but I did not have the originating message in my
mailinglist folder anymore. Nonetheless, I want to reply to carlopmart who
wrote on 2007-Jun-07:
Last night my openbsd 4.1 has crashed and I don't know why. I am using
this openbsd
this problem??
--
CL Martinez
carlopmart {at} gmail {d0t} com
Marc Balmer wrote:
* carlopmart wrote:
Hi all,
Last night my openbsd 4.1 has crashed and I don't know why. I am using
this openbsd as a part of two carped firewalls.
Crash dump:
kernel: page fault trap code=0
Stopped at pfsync_insert_net_state+0x451: movl 0(%eax,%edx,4),%edx
Show
carlopmart wrote:
Hi all,
I have installed new openbsd 4.1 server with pf rules and latest
patches. When I try to load my pf.conf rules, returns me this error:
DIOCADDRULE: Device or resource busy. What does it means???
Many thanks.
Hi all,
I think that problem is related when I use
Hi all,
I have installed new openbsd 4.1 server with pf rules and latest patches. When
I try to load my pf.conf rules, returns me this error: DIOCADDRULE: Device or
resource busy. What does it means???
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
about how to do it ...
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Heinrich Rebehn wrote:
carlopmart wrote:
Matthias Bertschy wrote:
carlopmart wrote:
Hi all,
I have a very strange problem. I am using an OpenBSD 4.1 with
isakmpd config (isakmpd.conf and isakmpd.policy) to establish vpn
connections for my roadwarriors clients.
When two roadwarriors
with
OPenBSD??
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
put /var/run/pflogd.pid
under newsyslog.conf configuration, this only affects to primary pflogd daemon
and I need to rotate this new log file avery midnight. I have search under man
pages but i don't see any param to assign another pid file ...
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t
no. Roadwarriors use the greenbow client.
Somebody knows how can I fix this???
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Matthias Bertschy wrote:
carlopmart wrote:
Hi all,
I have a very strange problem. I am using an OpenBSD 4.1 with isakmpd
config (isakmpd.conf and isakmpd.policy) to establish vpn connections
for my roadwarriors clients.
When two roadwarriors clients that use the same public ip, only one
not be authenticated. Error is
permission denied. I need to authenticate my users to this kdc and not to
master.passwd. Only root can use local passwd file.
Kerberos configuration works ok on this openbsd server.
What am I doing worng??
Thanks
--
CL Martinez
carlopmart {at} gmail {d0t} com
Hi all,
Somebody knows which scrub options do I need to put in pf.conf for bridge
interfaces? I have an OpenBSD 4.0 fw with one bridge interface and when I try to
launch cat command on a 18kb file, it stops.
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
for ext2_if).
I have tried but doesn't works ... Somebody knows if I could do it??
many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Hi all,
Somebody have test it this Dell server under OpenBSD 4.0? this server use SAS
or SATA disk with PERC 5/i controller, are they supported under OpenBSD 4.0?
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote: -
To: openbsd misc misc@openbsd.org
From: carlopmart [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 02/04/2007 12:36PM
Subject: Dell 1950 under OpenBSD
Hi all,
Somebody have test it this Dell server under OpenBSD 4.0? this
server use
need to open additional ports or protocols??
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Rogier Krieger wrote:
On 3/23/07, carlopmart [EMAIL PROTECTED] wrote:
Do I need to open additional ports or protocols??
Not so much additional ports or protocols, but are you sure you
enabled X11 forwarding?
A few suggestions for things to check:
+ in /etc/ssh/sshd_config, did you enable
changelog ...
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Maurice Janssen wrote:
On Thursday, March 8, 2007 at 18:58:00 +0100, carlopmart wrote:
Hi all,
I have a extrange problem. Last week, I have installed a new OpenBSD
server for our new datacenter. I had configured two nics to use as a
bridge and I assigned an IP to one of this interfaces
/etc/hostname.bridge0
em2
em3
up
With this configuration, bridge doesn't forward packets between two
network segments (ip forwarding is enabled on sysctl.conf). Somebody
knows what I do wrong???
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
and
another question is: can i use pfctl commands to load new rules (with
carp interfaces) every time that one line goes down??
Many thanks ..
--
CL Martinez
carlopmart {at} gmail {d0t} com
Martinez
carlopmart {at} gmail {d0t} com
to startup??
many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Philip Guenther wrote:
On 12/17/06, carlopmart [EMAIL PROTECTED] wrote:
Somebody knows if exists some option to put on rc.conf file like
FreeBSD does with ipv6_enable=NO option to disable IPv6 support on
OpenBSD 4.0?
Nope. No such option exists in OpenBSD.
Or do I need to recompile
Dave Anderson wrote:
** Reply to message from Jason Dixon [EMAIL PROTECTED] on Sun, 17
Dec 2006 15:17:01 -0500
On Dec 17, 2006, at 2:51 PM, carlopmart wrote:
Yes, my security staff orders to disable IPv6 protocol on all our
firewalls ...
Your security staff is clueless. I bet they like
Jason Dixon wrote:
On Dec 17, 2006, at 2:51 PM, carlopmart wrote:
Philip Guenther wrote:
On 12/17/06, carlopmart [EMAIL PROTECTED] wrote:
Somebody knows if exists some option to put on rc.conf file like
FreeBSD does with ipv6_enable=NO option to disable IPv6 support on
OpenBSD 4.0?
Nope
?? ipsec.conf man pages doesn't helps .
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Sorry I forgot to mention that user1 and user2 has the same public ip.
many thanks ..
carlopmart wrote:
Hi all,
We have several problems with ipsec connections for roadwarriors clients
using x509 certificates. We use ipsec.conf to accomplish this
configuration:
ike passive proto tcp from
boxes are 3.9 with carp configured.
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
used to deploy PKI) to authenticate VPN users?? Somebody knows if
these could be works?? If I need to upgrade to 4.0 is not a problem.
Many thanks and sorry for my bad english.
--
CL Martinez
carlopmart {at} gmail {d0t} com
item?
I haven't seen code for Xen integration come by at source-changes, so I
presume so.
Host support may be further off.
Joachim
--
CL Martinez
carlopmart {at} gmail {d0t} com
Sorry, I would like to say para-virtualized. I test it 4.0 beta under VT
hardware and works pretty well.
Berk D. Demir wrote:
carlopmart wrote:
One question: will be possible to install OpenBSD 4.0 as a domU under
a redhat/debian Xen based server???
Has nothing to do with OpenBSD version
Many thanks Berk.
Berk D. Demir wrote:
carlopmart wrote:
Sorry, I would like to say para-virtualized. I test it 4.0 beta under
VT hardware and works pretty well.
Then the answer is no.
Xen port of OpenBSD is in an experimental stage AFAIK.
There's a mercurial repo. at http://hg.recoil.org
Hi all,
Somebody knows when ipsec faq will be published on openbsd website?? i
need to deploy two openbsd 3.9 HA firewalls with vpn, dhcp and x509
certificates included? Somebody have some howto??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
with new ipsec feaures?? And also, xauth is implemented??
Rogier Krieger wrote:
On 5/5/06, carlopmart [EMAIL PROTECTED] wrote:
Somebody knows when ipsec faq will be published on openbsd website??
It used to be published there but it was taken down. A quick search
through the list archives should
Hi all,
Somebody knows how can I setup two carp load balanced firewalls with
obsd 3.8 or 3.9beta with only one public IP?
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
97 matches
Mail list logo
