On 9/5/05, Giedrius Rekaius [EMAIL PROTECTED] wrote:
On Mon, 05 Sep 2005 15:52:50 +0300, Stephan A. Rickauer
[EMAIL PROTECTED] wrote:
I am already in love with it, since I plan to use it as a HA-firewall
using carp and pfsync. Problem here is just that it looks as if I had to
reinstall
On 9/5/05, Stephan A. Rickauer [EMAIL PROTECTED] wrote:
Ramiro Aceves wrote:
I like and use both systems. But If you are concerned about easy
upgrading, I would recommend Debian GNU/Linux (no flamewars please ;-)
). It is a very stable system that it is upgraded slowly, about 2 years
Abraham Al-Saleh wrote:
I am already in love with it, since I plan to use it as a HA-firewall
using carp and pfsync. Problem here is just that it looks as if I had to
reinstall it all year ...
If that's the case, then you just take one down, upgrade it, bring it
back online, take the other
On 9/6/05, Stephan A. Rickauer [EMAIL PROTECTED] wrote:
Not to mention that upgrades with other OS's are even painful _with_ HA
setup ...
As an Institute we have limited resources in terms of personal AND money.
Therefore, I am forced to rethink any strategy twice. Thanks to all
comments -
Nick Holland wrote:
There are a lot of measures to how the upgrade process works out. Here
are SOME:
1) Frequency (i.e., how often do you need to do upgrades)
2) Difficulty (how much human work is involved)
3) Urgency (when an upgrade is needed, how important is it that it
is done
Tobias Weingartner wrote:
This is a systems management issue. It all depends on how you manage
your systems. Compartmentalizing change, change management, etc. I
Exactly.
can recommend talking to Fritz Zaucker (tell him I sent ya). He's at
ETHZ as well (in EE I think). His team,
My 'tcpdump -n -e -i pflog0' generates lines like these:
11:22:12.538707 rule 267/(match) block in on em0: 172.16.2.97.32790
225.4.5.6.6001: udp 341 [ttl 1]
I am now trying to find out, what 'rule 267' should be and found posts
regarding 'pfctl -s rules'. My problem is, that rule number
On 9/6/05, Stephan A. Rickauer [EMAIL PROTECTED] wrote:
The reason why I bother this list is that I am impressed of OpenBSD from
the technical point of view. I like its consistency and purity. But in
business environments or comparable organizations where money is an
issue, one needs to think
On Tue, Sep 06, 2005 at 12:25:23AM -0500, Andrew Daugherity wrote:
===
a) biomask e74d netmask ff4d ttymask ffef
...
this are the interrupt masks (on i386) for the levels IPL_BIO,
IPL_NET and IPL_TTY after autoconfiguration has finished. They
will be modified again when clock and rtc are
I have a scrub all fragment reassemble showing up on the first line
of pfctl -s rules. The rules are numbered from 0 (zero). Therefore
I need to add 2 to the line number of the pfctl output to get the
right rule.
The log entry
Sep 04 21:45:56.156323 rule 8/(match) pass in on fxp0:
Andreas Kahari wrote:
I have a scrub all fragment reassemble showing up on the first line
of pfctl -s rules. The rules are numbered from 0 (zero). Therefore
I need to add 2 to the line number of the pfctl output to get the
right rule.
Thanks Andreas, that explanation fixes my problem as
--On 06 September 2005 11:29 +0200, Stephan A. Rickauer wrote:
I am now trying to find out, what 'rule 267' should be and found
posts regarding 'pfctl -s rules'. My problem is, that rule number 267
has absolutely nothing to do with the line logged above.
# pfctl -sr -vv
Stuart Henderson wrote:
# pfctl -sr -vv
Cool!
--
Stephan A. Rickauer
Institut für Neuroinformatik
Universität / ETH Zürich
Winterthurerstrasse 190
CH-8057 Zürich
Tel: +41 44 635 30 50
Sek: +41 44 635 30 52
Fax: +41 44 635 30 53
--On 06 September 2005 10:16 +0200, Stephan A. Rickauer wrote:
There is one thing I still don't understand. What effort is it to
deliver patches (not backports) longer than just a few months - given
that the overall amount of patches per release is low with OpenBSD
anyway... let's say you have
On Tue, Sep 06, 2005 at 11:00:34AM +0100, Stuart Henderson wrote:
There doesn't have to be so much difference, actually. With OpenBSD an
upgrade is usually pretty straightforward. The main part of the process
(boot from bsd.rd, run the 'upgrade' process) can equally be used for
patches and
--On 06 September 2005 10:16 +0200, Stephan A. Rickauer wrote:
There is one thing I still don't understand. What effort is it to
deliver patches (not backports) longer than just a few months - given
that the overall amount of patches per release is low with OpenBSD
anyway... let's say you have
Stephan A. Rickauer wrote:
Nick Holland wrote:
...
Yes, OpenBSD had new releases every six months, and only supports a
previous release with patches for one past release, so your frequency is
going to be higher. So, at the outside, you are looking at an upgrade
Ok, that is the key issue
Ingo Schwarze wrote:
By the way, in case you are looking for serious intrusion
detection, you should not rely on /etc/security anyway, but
install (and maintain!) some real intrusion detection system.
Yours,
Ingo
Agreed. Even storing hashes off site it wouldn't be difficult to get
around
Hi all,
I have a OpenBSD system acting as a firewall. When I use the top command I see
that the swap space is not being used. I'd like to know if the swap space is
only enabled when the system needs it or if it's enabled just when the system
comes up.
Thanks
--
João Salvatti
Undergraduating in
--On 06 September 2005 09:36 -0300, João Salvatti wrote:
I have a OpenBSD system acting as a firewall. When I use the top
command I see that the swap space is not being used.
Typically, one would hope that a firewall doesn't have to swap...
I'd like to know
if the swap space is only
It is enabled at all times but on OpenBSD, it is not used until
needed. See also swapctl -l and swapctl(8).
Andreas
On 06/09/05, João Salvatti [EMAIL PROTECTED] wrote:
Hi all,
I have a OpenBSD system acting as a firewall. When I use the top command I
see
that the swap space is not being
Hi list,
i am planning to use openbsd as mail server with sendmail and clamd as
antivirus on intel machine.
What can i use to connect sendmail and clamd?
I know that there are several methods : milter, amavis etc...
Thanks,
Cristian Del Carlo
Hello community
I tried to install Snort_Inline on my OpenBSD-firewall.
But in the ports-collection only snort is implemented.
when I try to compile / configure the sources from www.snort.org with
--enable-inline
I get an error that a libipq.h is missing. It's a file for iptables under
linux.
Now
Cristian Del Carlo wrote:
Hi list,
i am planning to use openbsd as mail server with sendmail and clamd as
antivirus on intel machine.
What can i use to connect sendmail and clamd?
smtp-vilter, which is in ports.
I know that there are several methods : milter, amavis etc...
Thanks,
Cristian Del Carlo wrote:
What can i use to connect sendmail and clamd?
We use clamsmtp on linux. Don't know whether it is available for OpenBSD...
Anyway: http://memberwebs.com/nielsen/software/clamsmtp/
--
Stephan A. Rickauer
Institut für Neuroinformatik
--On 06 September 2005 15:13 +0200, Cristian Del Carlo wrote:
i am planning to use openbsd as mail server with sendmail and clamd
as antivirus on intel machine. What can i use to connect sendmail and
clamd?
/usr/ports/mail/smtp-vilter works nicely, but if users should normally
receive most
Now my question: Is there any way to install snort with inline functionality
??
i don't know, snort inline needs netfilter API.
you can to use snortsam. - http://www.snortsam.net
I've started to test bgpd to see if I can use it for a future project.
Are there any plans to make bgpctl show communities, originator-id and
cluster-list ?
Any plans of adding route-refresh to bgpctl ? Something like bgpctl
nei peer clear (in|out) ?
Although I miss a few features it is really
...on Tue, Sep 06, 2005 at 03:13:01PM +0200, Cristian Del Carlo wrote:
i am planning to use openbsd as mail server with sendmail and clamd as
antivirus on intel machine.
What can i use to connect sendmail and clamd?
I know that there are several methods : milter, amavis etc...
Depends
There is no support for PF. If you need in-line function for an IPS, you can
take a look at a FreeBSD/snort_inline/IPFW/divert socket solution:
http://freebsd.rogness.net/snort_inline/
The snort_inline code primarily supports Linux netfilter/libpq. Also note
that snort2pf is considered Active
Hi.
I'm using OpenBSD (3.6 now) as my web/dns/mail/whatever server for a couple of
years. I was very satisfied until a couple of days ago I noticed, that my web
server is not working. I restarted apache, everything was ok then, but after
some time the same happened. I got many many lines like
On Tue, 06-09-2005 at 15:13 +0200, Cristian Del Carlo wrote:
Hi list,
i am planning to use openbsd as mail server with sendmail and clamd as
antivirus on intel machine.
What can i use to connect sendmail and clamd?
I know that there are several methods : milter, amavis etc...
Thanks,
Stephan A. Rickauer wrote:
Nick Holland wrote:
There are a lot of measures to how the upgrade process works out. Here
are SOME:
1) Frequency (i.e., how often do you need to do upgrades)
2) Difficulty (how much human work is involved)
3) Urgency (when an upgrade is needed, how important
The problem is, that the firewall MUST run with OpenBSD !!
Thanks for answers
Ok,
thanks a lot it seems quite simple to configure.
I don't know about the configuration of sendmail. What i need to have in
sendmail.cf to work with smtp-vilter?
Thanks,
cristian
On Sep 06, 2005 03:34 PM, Stuart Henderson [EMAIL PROTECTED] wrote:
--On 06 September 2005 15:13 +0200,
Search google for openbsd vilter.
Then follow the cached link at the top of the results. The tutorial
describes pretty much what you want. Also tells you how to generate a
new sendmail.cf.
Also, update your /etc/rc* files to have sendmail use the new config
file.
vlad
On Tue, Sep 06, 2005 at
On Sun, 4 Sep 2005, Shawn K. Quinn wrote:
On Sun, 2005-09-04 at 13:57 +0200, [EMAIL PROTECTED] wrote:
p.s.
Forget about D-Link! I recommend to stay far far away of these crap.
I am using a D-Link switch and it has performed acceptably so far. Their
wireless access points might be another
The reason why I bother this list is that I am impressed of OpenBSD from
the technical point of view. I like its consistency and purity. But in
business environments or comparable organizations where money is an
issue, one needs to think about system management very carefully, since
it
Stephan A. Rickauer wrote:
Tobias Weingartner wrote:
This is a systems management issue. It all depends on how you manage
your systems. Compartmentalizing change, change management, etc. I
Exactly.
can recommend talking to Fritz Zaucker (tell him I sent ya). He's at
ETHZ as well
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Theo de Raadt
Sent: Tuesday, September 06, 2005 11:43 AM
To: Stephan A. Rickauer
Cc: misc@openbsd.org
Subject: Re: Lifecycle question
The reason why I bother this list is that I am impressed of
tony sarendal wrote:
I've started to test bgpd to see if I can use it for a future project.
Are there any plans to make bgpctl show communities, originator-id and
cluster-list ?
Any plans of adding route-refresh to bgpctl ? Something like bgpctl
nei peer clear (in|out) ?
Although I miss a few
I thought I would give the latest Beta a try on a 4WAY PIII. The USB
is supposed to be disabled in the BIOS as there are no physical USB
connectors even on this box. It's a Dell 6350
---Mike
OpenBSD/i386 BOOT 2.10
boot
booting hd0a:/bsd: 4846336+944176 [52+249696+230995]=0x5fb28c
In short, I'm looking for a way to obtain multiple IP addresses via DHCP
on a single NIC. For a more elaborate explanation, see below.
I'm working on a router / firewall in a somewhat arcane network setup.
The situation is as follows: I live in a student dorm with a fairly
large local 100 Mbit
Will H. Backman wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Theo de Raadt
Sent: Tuesday, September 06, 2005 11:43 AM
To: Stephan A. Rickauer
Cc: misc@openbsd.org
Subject: Re: Lifecycle question
The reason why I bother this list
Agreed! Soft-reset would be awesome and more functionality from bgpctl
wouldn't hurt. As is though I like the output style from bgpctl since it
keeps things concise.
Regards,
Joe
On 9/6/05, Karl Austin [EMAIL PROTECTED] wrote:
tony sarendal wrote:
I've started to test bgpd to see if I can
Cristian Del Carlo wrote:
Hi list,
i am planning to use openbsd as mail server with sendmail and clamd as
antivirus on intel machine.
use qmail (http://cr.yp.to/qmail.html) as the MTA - not sendmail.
What can i use to connect sendmail and clamd?
I know that there are several methods :
Hello list,
I just noticed that my USB flash memory stick stopped working after
3.7 (it's been a while since I last used it). Whereas it used to
work perfectly, any attempt to access (e.g. read the disklabel,
mount, dd, ...) the disk now just hangs the machine.
So I traced back the commit which
On 06/09/05, Karl Austin [EMAIL PROTECTED] wrote:
tony sarendal wrote:
I've started to test bgpd to see if I can use it for a future project.
Are there any plans to make bgpctl show communities, originator-id and
cluster-list ?
Any plans of adding route-refresh to bgpctl ? Something like
Peter Huncar wrote:
I'm using OpenBSD (3.6 now) as my web/dns/mail/whatever server
for a couple of years. I was very satisfied until a couple of
days ago I noticed, that my web server is not working. I
restarted apache, everything was ok then, but after some time
the same happened. I got many
tony sarendal wrote:
On 06/09/05, Karl Austin [EMAIL PROTECTED] wrote:
You've read my mind, that was going to be my next question if my issue
about having multiple communities per route was addressed (I tried
-current and it doesn't work). Soft reset, and more route information
from bgpctl
Hello List,
I reinstalled 3.8-beta on the alpha with just the required sets and the
hostname.pppoe0 and ppp.conf files with the amap_wipeout panic still
occurring.
I tried UKC disable amap and pkg_delete -F amap-5.1.tgz and amap-4.5.tgz
without any success.
Any ideas on solving this is much
Alexander Bochmann wrote:
I'm successfully using smtp-vilter as milter
for clamav, but I haven't followed the latest
development on OpenBSD pthreads, and people
used to say that there's problems with the
thread implementation (search the archives
for specifics) - so going with milters might
On 9/6/05, Cristian Del Carlo [EMAIL PROTECTED] wrote:
What can i use to connect sendmail and clamd?
Perhaps, if only for hints, you may want to take a look at MailDroid
that came across the list some time ago. It connects the in-base
sendmail to clamav through smtp-vilter from ports.
You'll
My office network has an adsl connection with a single static
ip as follows:
209.145.160.141/24 (gw 209.145.160.1)
I requested additional ip's from my provider and they gave me
8 addresses at:
207.246.198.216/29
They are routing all 8 of these new addresses down my adsl
'pipe'. On my
On Tuesday, September 06, John Brooks wrote:
(209.145.160.141)
OBSD #1 -
\
Switch DSL Modem ISP(209.145.160.1)
/
OBSD #2 -
(207.246.198.220)
I was expecting that 207.246.198.217 would have been set up
as
On Tue, 6 Sep 2005 15:25:29 -0500, John Brooks wrote:
My office network has an adsl connection with a single static
ip as follows:
209.145.160.141/24 (gw 209.145.160.1)
I requested additional ip's from my provider and they gave me
8 addresses at:
207.246.198.216/29
They are routing
On Tue, Aug 30, 2005 at 03:41:14PM +0200, Simon Dassow wrote:
On Tue, Aug 30, 2005 at 03:30:01PM +0200, Miroslav Kubik wrote:
Is there a way how to show PID which belongs to the socket by netstat
command? I searched man pages but I haven't found any useful switch for my
need. I searched
I gotta ask for help or I'm gonna hose my multi-boot system.
I've got an A6 primary partition with various /usr and /var style partitions
within. Pretty standard, but I ran out of disk space. I added a second
primary A6 partition in the freespace of the same disk using fdisk, but
cannot figure
Still getting the same errors as below:
131529.495890 Plcy 40 check_policy: adding authorizer [passphrase:password]
131529.495915 Plcy 40 check_policy: adding authorizer
[passphrase-md5-hex:5f4dcc3b5aa765d61d8327deb882cf99]
131529.495927 Plcy 40 check_policy: adding authorizer
Does anyone on the list have any comments or caveats on using OpenBSD
as a primary OS on either the Dell Precision m70 or Hewlett Packard
nc6230 notebooks? Google turns up nothing interesting on either.
regards,
aaron.glenn
Hello
I have the following problem, i have a CNet CWP-854 Ralink Wireless-G PCI
Adapter i have configured it on OpenBSD 3.8 Beta after some attempts i was
able to get a status to ACTIVE, however it seems that there is no connection
available, ping any clients on the same network fails same goes
On Tue, 6 Sep 2005, Kelly Martin wrote:
I've got an A6 primary partition with various /usr and /var style partitions
within. Pretty standard, but I ran out of disk space. I added a second
primary A6 partition in the freespace of the same disk using fdisk, but
don't do this.
Can someone walk
On Mon, 05 Sep 2005 15:35:19 +0200, Stephan A. Rickauer wrote:
Well, I am thinking of using OpenBSD for our firewalls. Those I do want
to upgrade regularly. Not because of features, but because of patches.
You will be rewarded by this choice; I am sure !
And still, I cannot understand the
On Tuesday, September 06, John Brooks wrote:
(209.145.160.141)
OBSD #1 -
\
Switch DSL Modem ISP(209.145.160.1)
/
OBSD #2 -
(207.246.198.220)
I was expecting that 207.246.198.217 would have been
On Tue, 6 Sep 2005 15:25:29 -0500, John Brooks wrote:
My office network has an adsl connection with a single static
ip as follows:
209.145.160.141/24 (gw 209.145.160.1)
I requested additional ip's from my provider and they gave me
8 addresses at:
207.246.198.216/29
They
poncenby wrote:
use qmail (http://cr.yp.to/qmail.html) as the
MTA - not sendmail.
Aaaag!!! At the risk of starting a
flame-fest, do yourself a favour, ignore this
advice and stay away from qmail. The license
issue alone should make you stop and think
first. It is about