I have activated pre-orders for the 3.8 release.
We think that lots of new groovy stuff has made it into this release.
Check out http://www.openbsd.org/38.html for more information.
Artistically, the release is based on our RAID management efforts.
Thus, we have named the release "The Hackers of
Isn't PF your problem? Do you have it enabled? It might be blocking your
network traffic, causing this behavior. Check your logs and
/etc/pf.conf.
Nils
-Original Message-
From: eric [mailto:[EMAIL PROTECTED]
Sent: woensdag 14 september 2005 5:22
To: Karsten McMinn
Cc: misc@openbsd.org
S
Now solved (we think/hope) read on:
On Mon, 12 Sep 2005 09:53:10 -0600, jared r r spiegel wrote:
>On Mon, Sep 12, 2005 at 04:23:01PM +1000, Rod.. Whitworth wrote:
>>
>> >On Mon, 12 Sep 2005, Rod.. Whitworth wrote:
>> >
>> >> Any clues/ things to try? I am a bit worried about the build #137 as
>>
You DON'T write a bugreport before you are sure about it is a bug!
You CAN always ask ppl on [EMAIL PROTECTED]
You ASK and TEST first, then WRITE.
On Wednesday 14 September 2005 02:41, you wrote:
> I'd just like to say, in case (miraculously) people on the OpenBSD team don't
> already know this
no.
On Tue, 13 Sep 2005, -f wrote:
> hi there,
>
> is there a reason /bsd must be executable?
> is there a reason /bsd must be not executable?
>
> config -e -o writes an executable one.
> so is that the way it should be?
>
> -f
>
--
And that's why it's important to floss.
On Tuesday, September 13, 2005, 21:31:51, Mattias R. Lindgren wrote:
> I'm using an OpenBSD 3.7 box to try to connect to our cisco
> concentrator at work. Here is what I was sent by our network admin:
>
> 10.0.0.0/0.0.0.255
> 192.168.240.0/0.0.15.255
> 172.22.0.0/0.0.0.255
> 10.10.0.0/0.0.255.255
>
Hello,
maybe you could help me in resolving a weired problem. I am so close to
subsitute my linux box with openbsd, but I seem to misunderstand something:
My gateway/firewall has three interfaces:
em0172.16.3.253
em1130.60.230.187
fxp0 10.1.1.1
Additionally, three carp device
ed <[EMAIL PROTECTED]> wrote:
> Thats good, thanks, I thought tcpdump was IP layer only, because of
> the name.
While tcpdump is not IP layer only, pf is. So you will not be able
to see ARP packets or ethernet addresses when reading pflog.
Can
> On Tue, 13 Sep 2005 14:38:09 +0300
> Huzeyfe Onal
--- Quoting Mattias R. Lindgren on 2005/09/13 at 19:31 -0600:
> bash-3.00# isakmpd -d
> 191943.477359 Default ipsec_validate_id_information: dubious ID information
> accepted
> 191951.404865 Default ipsec_validate_id_information: dubious ID information
> accepted
> 192010.536856 Default transport_
Hi,
I'm having trouble with the atheros minipci card that came with my
ThinkPad X40. It worked fine in Windows XP, but in OpenBSD nothing
but pings go through (and even those are a bit lossy). For example,
here is one ping session:
[EMAIL PROTECTED] ping -s 1500 192.168.2.1
PING 192.168.2.1 (19
On Tue, 2005-09-13 at 17:09:19 -0700, Karsten McMinn proclaimed...
> tweaking syntax to this using nmap 3.50 on 3.6 completed in 343 seconds:
> nmap -P0 -T Insane -v -sT -p 1-65535 x.x.x.x (as root)
>
> It was definately slower using the same syntax on 3.7 though, I
> didn't have time to see how
On 9/13/05, Jonathan Gray <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 13, 2005 at 07:54:52PM -0500, Matt Brenneke wrote:
> > I just bought an Atheros based Netgear 311T to replace my ailing
> > wi0[1] card. I put it in, updated my pf and bridge config files to
> > point to ath0 instead of wi0, and I
On Tue, Sep 13, 2005 at 07:54:52PM -0500, Matt Brenneke wrote:
> I just bought an Atheros based Netgear 311T to replace my ailing
> wi0[1] card. I put it in, updated my pf and bridge config files to
> point to ath0 instead of wi0, and I can't connect. KisMAC doesn't see
> it from my laptop either
I'm using an OpenBSD 3.7 box to try to connect to our cisco concentrator at
work. Here is what I was sent by our network admin:
10.0.0.0/0.0.0.255
192.168.240.0/0.0.15.255
172.22.0.0/0.0.0.255
10.10.0.0/0.0.255.255
10.20.0.0/0.0.255.255
as networks I would need to tunnel to. Here is my isakmpd.c
Hi list,
I've made some experiments with ipsec-bridges using gif-interfaces
like the explained example in man brconfig.
Everything went fine, but sometimes some errors occur.
This is my setup:
Two boxes, both are running 3.7 generic.
Both boxes are connected two the i-net with adsl-modems
with d
I just bought an Atheros based Netgear 311T to replace my ailing
wi0[1] card. I put it in, updated my pf and bridge config files to
point to ath0 instead of wi0, and I can't connect. KisMAC doesn't see
it from my laptop either. Instead, I get "ath0: device timeout"
repeating over and over in my
On 9/13/05, C. Bensend <[EMAIL PROTECTED]> wrote:
>
> > Scans on a local subnet (nmap -sT -p 1-65535) taking 7 hours or more.
> >
> > The built-in nessus port scanner does the same.
>
> H, something _definately_ wrong there. On my LAN, using your
> command line above (from a 3.7-STABLE host to
> Scans on a local subnet (nmap -sT -p 1-65535) taking 7 hours or more.
>
> The built-in nessus port scanner does the same.
H, something _definately_ wrong there. On my LAN, using your
command line above (from a 3.7-STABLE host to a 3.6-STABLE host):
Nmap finished: 1 IP address (1 host up) s
On 9/13/05, eric <[EMAIL PROTECTED]> wrote:
>
> Scans on a local subnet (nmap -sT -p 1-65535) taking 7 hours or more.
>
> The built-in nessus port scanner does the same.
>
have you tried running tcpdump on the interface and seeing what's
getting sent over the wire, and how often?
On Tue, 2005-09-13 at 16:54:53 -0401, Okan Demirmen proclaimed...
> you fail to mention details of such issues...what are they?
Scans on a local subnet (nmap -sT -p 1-65535) taking 7 hours or more.
The built-in nessus port scanner does the same.
--- Quoting Darrin Chandler on 2005/09/13 at 13:56 -0700:
> You might also want to read
> http://www.inetdaemon.com/columns/ask/internet-load-balancing.shtml,
> which will try to talk you out of using BGP for load balancing and
> present a simpler alternative.
This solution talks about using
I had difficulties installing OpenBSD-current (the 9/1 snapshot) on
a Dell Precision 380 (manufacturing date: 07/23/05) with an Intel
dual-port gigabit Ethernet card (em(4)). The installation was done
using a home-brewed bootable CD.
I encountered the following three problems and I hope someone c
On Tue, Sep 13, 2005 at 03:31:34PM -0300, Leonardo Marques wrote:
> how can i do to create a chrooted environment?
QUICK HACK ALERT (untested, undocumented, tty stuff ignored, ugly
ugly ugly, most probably unsecure):
#include
#include
#include
#include
int main(void) {
struct passwd
You might also want to read
http://www.inetdaemon.com/columns/ask/internet-load-balancing.shtml,
which will try to talk you out of using BGP for load balancing and
present a simpler alternative.
j knight wrote:
>--- Quoting Karl O. Pinc on 2005/09/13 at 01:05 +:
>
>
>
>>Finally, not know
On Tue 2005.09.13 at 15:40 -0500, eric wrote:
> I'm running 3.7-RELEASE with all patches on x86 hardware. I've tested
> the bandwidth on them machine, and can easily handle 200-300Mbps. I/O is
> decent too (this is an IBM x335 [dmesg below]). What *really* is nearly
> impossible is running nessus a
--- Quoting Karl O. Pinc on 2005/09/13 at 01:05 +:
> Finally, not knowing much about bgp, I've a question
> about load balancing over the two WAN links. Does
> bgp/OpenBGP have any provisions for load balancing, say
> based on WAN link latency? (Seems like this _could_
> be a "bgp policy" at
I'm running 3.7-RELEASE with all patches on x86 hardware. I've tested
the bandwidth on them machine, and can easily handle 200-300Mbps. I/O is
decent too (this is an IBM x335 [dmesg below]). What *really* is nearly
impossible is running nessus and nmap on this host. Even using the ports, a
single n
> Please read the document.
Unknown command - "PLEASE". Try HELP.
Summary of resource utilization
---
CPU time:0.000 secDevice I/O:4
Overhead CPU:0.000 secPaging I/O:0
CPU model: 1133MHz Pentium III
how can i do to create a chrooted environment?
On 9/13/05, Matthias Kilian <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 13, 2005 at 11:05:20AM -0300, Leonardo Marques wrote:
> > I wanna how to lock a user in his home, he cannot see any other
> > directory, just his home. Someone how can i do this?
>
On Tue, Sep 13, 2005 at 11:05:20AM -0300, Leonardo Marques wrote:
> I wanna how to lock a user in his home, he cannot see any other
> directory, just his home. Someone how can i do this?
rksh may be appropriate, but this is only for *very* simple setups
(no other shell in the user's PATH, and no p
Thats good, thanks, I thought tcpdump was IP layer only, because of
the name.
On Tue, 13 Sep 2005 14:38:09 +0300
Huzeyfe Onal <[EMAIL PROTECTED]> wrote:
> try #tcpdump arp to see only arp packages.
> wants to get link-level header? Add -e option..
>
>
> 2005/9/12, ed <[EMAIL PROTECTED]>:
>
--On 13 September 2005 17:39 +0200, -f wrote:
if it causes Col's on half duplex, and then causes Ierr's on full
duplex, then what is the problem? the modem or openbsd?
there isn't a problem with collisions, they are correct and expected
behaviour with half-duplex ethernet. the devices know h
You can always chroot them into homedir.
rewrite stsh to make a chroot-call via sudo.
Add access to chroot via sudo to everyone.
add user with /bin/chrootsh as they shell.
create a chroot-env for a user in they homedir.
cp favorit shell into chroot-env and symlink it to chrootsh:
cd /home/user; cd
hi there,
is there a reason /bsd must be executable?
is there a reason /bsd must be not executable?
config -e -o writes an executable one.
so is that the way it should be?
-f
--
it's my idea 'cause i stole it first!
On Mon, 12 Sep 2005, Lars Hansson wrote:
On Sun, 11 Sep 2005 15:48:12 -0500
Justin Krejci <[EMAIL PROTECTED]> wrote:
If anyone has any know how on tweaking Cisco's smtp fixup protocol, that would
be great.
I don't know of *anyone* with an even remotely serious mail system that has
been able t
--On 13 September 2005 17:02 +0200, -f wrote:
what does actually Ierrs mean and how can i diagnoze it?
some time ago i had some Colls, but i fixed that by specifying
full duplex and they disappeared.
that's what happens when you force full-duplex and connect to a device
which doesn't support
hi there,
today i noticed the following:
kripel> netstat -i | grep ne
NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls
ne3 150000:e0:06:f1:93:4f 3343306 26136 1330472 0 0
ne3 1500 fe80::%ne3/ fe80::2e0:6ff:fef 3343306 26136 1330472 0
On Tue, Sep 13, 2005 at 11:43:04AM -0300, Leonardo Marques wrote:
> Sorry, local access .
you'll need to create systrace policies.
man systrace
Sorry, local access .
But trought ssh will be cool too.
On 9/13/05, Gleydson Soares <[EMAIL PROTECTED]> wrote:
>
>
> On Tue, Sep 13, 2005 at 11:05:20AM -0300, Leonardo Marques wrote:
> > Hello people,
> >
> > I wanna how to lock a user in his home, he cannot see any other
> > directory, just his
Leonardo Marques wrote:
Hello people,
I wanna how to lock a user in his home, he cannot see any other
directory, just his home. Someone how can i do this?
Thanks for attention,
[]s
--
--
Leonardo Marques
http://www.analyx.org
--
Hmm,
--On 13 September 2005 11:05 -0300, Leonardo Marques wrote:
I wanna how to lock a user in his home, he cannot see any other
directory, just his home. Someone how can i do this?
stsh?
On Tue, Sep 13, 2005 at 11:05:20AM -0300, Leonardo Marques wrote:
> Hello people,
>
> I wanna how to lock a user in his home, he cannot see any other
> directory, just his home. Someone how can i do this?
>
ftp ? ssh ? local access ? what is the type access ?
Hello people,
I wanna how to lock a user in his home, he cannot see any other
directory, just his home. Someone how can i do this?
Thanks for attention,
[]s
--
--
Leonardo Marques
http://www.analyx.org
--
On 13/09/05, Diego Fernando Nieto Moreno <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Greetings from Colombia,
>
> I have a C-MEDIA Sound Card, since OpenBSD 3.5 this device use a AC97(4)
> driver, but OpenBSD play some sound formats too fast.
>
> I think that it is a OpenBSD bug because never Media Pl
On Tue, Sep 13, 2005 at 06:20:29AM -0700, Diego Fernando Nieto Moreno wrote:
> ...But when I power on my PC and KDM start I can't use the Keyboard...
Try running /usr/local/bin/genkdmconf to configure KDM.
On 13/09/05, Antoine Jacoutot <[EMAIL PROTECTED]> wrote:
> Diego Fernando Nieto Moreno wrote:
> > But when I power on my PC and KDM start I can't use the Keyboard :'( In the
> > Xorg.log appear the following entry only when KDM starts since /etc/rc:
> >
> >>(EE) KbdOn: tcsetattr: Inappropriate ioc
Diego Fernando Nieto Moreno wrote:
But when I power on my PC and KDM start I can't use the Keyboard :'( In the
Xorg.log appear the following entry only when KDM starts since /etc/rc:
(EE) KbdOn: tcsetattr: Inappropriate ioctl for device
Yes, I don't use KDM so I can't really give you the ans
Hi,
...on Tue, Sep 13, 2005 at 10:12:11AM +0200, qstreb wrote:
> Yesterday i got surprised, it looks that in Germany (and some other
> countries)
> there are some lows/requirenments/obligations that in case a firewall
> (appliance) is "owned"
> by third parties and they produce any damages
Hi,
Greetings from Colombia,
I have a C-MEDIA Sound Card, since OpenBSD 3.5 this device use a AC97(4)
driver, but OpenBSD play some sound formats too fast.
I think that it is a OpenBSD bug because never Media Player (mplayer, mpg123,
xmms, noatun) solve this problem.
I see "Enlace" He ask the
Hi,
Greetings from Colombia
I'm using OpenBSD 3.7 and I configure the KDM
When I starting KDM since a root console
> login: root
> Password:
> Terminal type? [vt220]
> [EMAIL PROTECTED]:~ # kdm
It works fine :-)
But I add an entry in a /etc/rc.conf and /etc/rc for KDM starts when I power on
Hello List, Just wanted to say thanks to the List for your help and to
OpenBSD devs for the awesome operating system.
So far the alpha firewall is a lot faster serving up the web than my
Linksys router did. : )
Went from Windows to OpenBSD in about three months of learning and still
learnin
...on Mon, Sep 12, 2005 at 06:02:24PM -0700, Arthur Bebak wrote:
> I'm trying to run famd (the port of the file monitoring
> utility from SGI) on OpenBSD 3.7. In order to do this it
> appears I need a bunch of functions such as getmntent, which
> apparently are in the GNU libc.
What do you
try #tcpdump arp to see only arp packages.
wants to get link-level header? Add -e option..
2005/9/12, ed <[EMAIL PROTECTED]>:
> On Mon, 12 Sep 2005 13:26:19 -0400
> "Will H. Backman" <[EMAIL PROTECTED]> wrote:
>
> > >
> > > This has most of the data that I need, but it seems to be missing
> >
Arthur Bebak wrote:
I'm trying to run famd (the port of the file monitoring
utility from SGI) on OpenBSD 3.7. In order to do this it
appears I need a bunch of functions such as getmntent, which
apparently are in the GNU libc.
Doing some Google searches I find references to a linux_base port
w
Hello!
On Mon, Sep 12, 2005 at 06:02:24PM -0700, Arthur Bebak wrote:
>I'm trying to run famd (the port of the file monitoring
>utility from SGI) on OpenBSD 3.7. In order to do this it
>appears I need a bunch of functions such as getmntent, which
>apparently are in the GNU libc.
You'll probably
I need this driver for winxp Nokia D211 WLAN+GPRS (pcmcia) please ...send me
..
On 9/13/05, Reyk Floeter <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 12, 2005 at 09:12:35PM +0100, Eric Dillenseger wrote:
> > Hello,
> >
> > I've been using a DWL-G520 as an access point with OpenBSD 3.7. Apart
> > from not allowing higher modes than 11b, it ran fine.
> >
> > Today I upgraded to 3.8
Tobias Weingartner wrote:
Your next option might be to pay...
But, I wasn't asking for anything... I was just explaining why I
couldn't do it myself.
But it is good to know that I have options if I win the lottery ;)
Antoine
Hello there.
qstreb schrieb:
> I want to apologise if this is a bit of topic
> but as it goes about replacing nice configured OpenBSD Firewalls (5 pieces)
> i am asking here
> (it really hurts, as i put a lot of effort to have something stable,
> simple, secure and ... )
>
> Yesterday i got surpr
I want to apologise if this is a bit of topic
but as it goes about replacing nice configured OpenBSD Firewalls (5 pieces)
i am asking here
(it really hurts, as i put a lot of effort to have something stable,
simple, secure and ... )
Yesterday i got surprised, it looks that in Germany (and some
60 matches
Mail list logo
