Re: inteldrm_attach still broken
* listmail listm...@entertech.com [111230 08:52]: Hi, Back in June of 2011, I reported problems with the Supermicro P8SCI and P8SCT motherboards failing to boot OpenBSD 4.8 and 4.9, due to a kernel page fault trap at interdrm_attach. Just for fun, I tried OpenBSD 5.0 tonight, and the same problem still happens. Has anyone found a workaround for this, or are there any plans to fix it? I have several of these motherboards running in firewalls, and unless I can find a fix, these boxes are trapped at OpenBSD 4.7 until I can replace them all. Have you tried boot -c disable inteldrm If it works, use config -ef /bsd to make it permanent. -- Alexander Polakov | plhk.ru
Re: how to choose outgoing IPv4 address/interface ?
On Fri, 30 Dec 2011 09:21:07 +0500 chipits...@gmail.com wrote: Hello! I'm running BGP server which is also dns resolver. so, host can go to internet using 2 addresses a) vlan379, which is connected to bgp peer b) vlan200, which is my own routable network bgp peer is strange. it permits only bgp and icmp traffic over vlan379, the rest is silently dropped. I'd like to use vlan379 address for bgp communication and vlan200 for dns resolver (and the rest of the traffic), but OpenBSD simply uses vlan379 address. well, I can use NAT on outgoing traffic, but it doesn't seem to be a proper solution. why does OpenBSD choose vlan379 ? how can I make it use vlan200 for all outgoing traffic except bgp communication ? this could be configured on per-service basis. for example, with named read man 5 named.conf, paying particular attention to 'server' section. -- With best regards, Gregory Edigarov
Re: how to choose outgoing IPv4 address/interface ?
On Fri, 30 Dec 2011 10:14:08 +0200 Gregory Edigarov g...@bestnet.kharkov.ua wrote: On Fri, 30 Dec 2011 09:21:07 +0500 chipits...@gmail.com wrote: Hello! I'm running BGP server which is also dns resolver. so, host can go to internet using 2 addresses a) vlan379, which is connected to bgp peer b) vlan200, which is my own routable network bgp peer is strange. it permits only bgp and icmp traffic over vlan379, the rest is silently dropped. I'd like to use vlan379 address for bgp communication and vlan200 for dns resolver (and the rest of the traffic), but OpenBSD simply uses vlan379 address. well, I can use NAT on outgoing traffic, but it doesn't seem to be a proper solution. why does OpenBSD choose vlan379 ? how can I make it use vlan200 for all outgoing traffic except bgp communication ? this could be configured on per-service basis. for example, with named read man 5 named.conf, paying particular attention to 'server' section. also listen and query_source directives are at your service -- With best regards, Gregory Edigarov
I want buy labtop ,work OpenBSD, wireless network must work
Hello all guys, After long time I want buy labtop and I want use it in my work place , in my work place we have only wireless network and we do not have wire network and we have linksys router and other guys connect to linksys and use network .other guys use Windows ,but I want use OpenBSD , and I do not know which models ,I must buy .my new labtop must work in wireless network . Please help me which model I must buy . I can find Lenovo and Asus in here and I can find some model of Sony too. I want use OpenBSD with GNOME and I want use it as Desktop. Please guide me which model I must buy ? My notebook or my labtop must has 6 gigabytes of RAM and has very powerful CPU
Re: I want buy labtop ,work OpenBSD, wireless network must work
On Fri, Dec 30, 2011 at 9:41 AM, Mostaf Faridi mostafafar...@gmail.com wrote: Hello all guys, After long time I want buy labtop and I want use it in my work place , in my work place we have only wireless network and we do not have wire network and we have linksys router and other guys connect to linksys and use network .other guys use Windows ,but I want use OpenBSD , and I do not know which models ,I must buy .my new labtop must work in wireless network . Please help me which model I must buy . I can find Lenovo and Asus in here and I can find some model of Sony too. I want use OpenBSD with GNOME and I want use it as Desktop. Please guide me which model I must buy ? My notebook or my labtop must has 6 gigabytes of RAM and has very powerful CPU http://www.openbsd.org/faq/faq6.html#Wireless Please, look here. There is a list of the supported WiFi devices. -- ### Coonardoo - The Well In The Shadow / Le Puits Dans L'Ombre ###
Re: I want buy labtop ,work OpenBSD, wireless network must work
Thanks all guys . Sorry for my bad English , I must use laptop , but I used labtop . For me model is very important ,for example I want know which model of Lenovo work good with OpenBSD . For example I want know Lenovo ThinkPad 7000t work good or no On Dec 30, 2011 12:28 PM, Vitali coonar...@gmail.com wrote: On Fri, Dec 30, 2011 at 9:41 AM, Mostaf Faridi mostafafar...@gmail.com wrote: Hello all guys, After long time I want buy labtop and I want use it in my work place , in my work place we have only wireless network and we do not have wire network and we have linksys router and other guys connect to linksys and use network .other guys use Windows ,but I want use OpenBSD , and I do not know which models ,I must buy .my new labtop must work in wireless network . Please help me which model I must buy . I can find Lenovo and Asus in here and I can find some model of Sony too. I want use OpenBSD with GNOME and I want use it as Desktop. Please guide me which model I must buy ? My notebook or my labtop must has 6 gigabytes of RAM and has very powerful CPU http://www.openbsd.org/faq/faq6.html#Wireless Please, look here. There is a list of the supported WiFi devices. -- ### Coonardoo - The Well In The Shadow / Le Puits Dans L'Ombre ###
UTM appliance
Hi, I wanna choose a hardware appliance to make a UTM based on OpenBSD, does anybody have recommendation? Regards, Hassan H. Monfared
Re: I want buy labtop ,work OpenBSD, wireless network must work
Lenovo work good with OpenBSD . For example I want know Lenovo ThinkPad 7000t work good or no I also got Lenovo G565 with Broadcom 4313 unsupported yet by OpenBSD, but this is not an issue to me, so I can wait until the driver is ported. You should print out the list of supported WiFi's and consult your notebook distributor when buying a note to be sure. Some distributors may provide hardware configuration according to the client's wish. I don't know how it is in your country. On Dec 30, 2011 12:28 PM, Vitali coonar...@gmail.com wrote: On Fri, Dec 30, 2011 at 9:41 AM, Mostaf Faridi mostafafar...@gmail.com wrote: Hello all guys, After long time I want buy labtop and I want use it in my work place , -- ### Coonardoo - The Well In The Shadow / Le Puits Dans L'Ombre ###
Re: inteldrm_attach still broken
On 2011-12-30, listmail listm...@entertech.com wrote: Back in June of 2011, I reported problems with the Supermicro P8SCI and P8SCT motherboards failing to boot OpenBSD 4.8 and 4.9, due to a kernel page fault trap at interdrm_attach. Just for fun, I tried OpenBSD 5.0 tonight, and the same problem still happens. I don't see any posts from June about this. There's a thread from May where oga@ mentioned he had committed a possible fix. Since this seems to not be working, send a new report with a ddb trace, ideally from -current.
Re: Longsoon/Godson MIPS boxes, where to buy?
i saw them on face book and amazon also 250 500 us dollars On 12/28/2011 04:07 AM, Alan Cheng wrote: On Wed, Dec 28, 2011 at 2:09 AM, Dave U. Random anonym...@anonymitaet-im-inter.net wrote: Are the Longson/Godson MIPS boxes available over the counter yet? If so where is the best place to order one? Thanks. checkout http://www.tekmote.nl/
Re: I want buy labtop ,work OpenBSD, wireless network must work
On Fri, Dec 30, 2011 at 12:36:11PM +0330, Mostaf Faridi wrote: Thanks all guys . Sorry for my bad English , I must use laptop , but I used labtop . For me model is very important ,for example I want know which model of Lenovo work good with OpenBSD . For example I want know Lenovo ThinkPad 7000t work good or no On Dec 30, 2011 12:28 PM, Vitali coonar...@gmail.com wrote: Most distributors have only 1 bit to deal with this info: - wifi - no wifi In such places, asking just for the brand is asking too much already. Depending on where you live, you'll have to figure it out yourself.
Re: I want buy labtop ,work OpenBSD, wireless network must work
On 12/30/11 04:06, Mostaf Faridi wrote: Thanks all guys . Sorry for my bad English , I must use laptop , but I used labtop . For me model is very important ,for example I want know which model of Lenovo work good with OpenBSD . For example I want know Lenovo ThinkPad 7000t work good or no On Dec 30, 2011 12:28 PM, Vitali coonar...@gmail.com wrote: It's not the newest model, but the W500 is a wonderful laptop. I am using it now. 2.8G core two, 8G ram, one or two disks, Intel em ethernet and iwn wireless, USB 2, ATI Radeon video. Look for them; since they are not new, the price has come down. --STeve Andre'
Re: Longsoon/Godson MIPS boxes, where to buy?
i saw them on face book and amazon also 250 500 us dollars Like Kurt Russell said, That's TOO FUCKING HIGH!!! When they start selling them for a fair price let's say 50 bucks for the black box and maybe 150 for a loaded laptop then it's time to buy. Until then, tekmote isn't getting my business.
Re: Longsoon/Godson MIPS boxes, where to buy?
most netbooks with Intel Atom retail in the $250 to $400 range; what's your damage? On Fri, Dec 30, 2011 at 7:39 AM, Anonymous Remailer (austria) mixmas...@remailer.privacy.at wrote: i saw them on face book and amazon also 250 500 us dollars Like Kurt Russell said, That's TOO FUCKING HIGH!!! When they start selling them for a fair price let's say 50 bucks for the black box and maybe 150 for a loaded laptop then it's time to buy. Until then, tekmote isn't getting my business.
Re: Longsoon/Godson MIPS boxes, where to buy?
Richard Thornton wrote [2011-12-30 14:25+0100]: what's your damage? The damage of Fritz Wühler is that he doesn't read books. I'm currently reading Richtisch beese Mäuler (Hessische Satiren) Reallybad Jaws (Satires from Hesse) a retrospective of humour from my little homeland :), and one of the stories therein is Heinrich Hoffmann - Handbüchlein für Wühler - 'Little [or: Petty] Handbook' for Agitators The same author also wrote The Story of Little Suck-a-Thumb. You get the idea ... Fritz - stop your handwork, read this first. Bye! beside that. --steffen
Re: Two ISPs on the same interface
On 2011-12-29 18:56, Joseph Yeager wrote: Hello all, I got two ISP lines (1 Mb and 6 Mb) and was planning to route outgoing guest traffic thru the smaller one. Problem is my FW only has two NICs. If both external routers are connected to a Cisco switch as well as the external OpenBSD interface, is it possible to use route-to to send packets to the ISP gateway I choose? All the examples I found use three NICs. Thanks.- The key to figuring this out is a little more detail on the specifics of your ISP connections and provided devices. Are they using just basic modems or devices acting as gateways? If those devices are gateways then you could simply configure the internal side of those gateways to different subnets: say 192.168.1.0/24 for non guest traffic and 192.168.2.0/24 for guest traffic. The firewall will be assigned IPs from both subnets on the same interface via an alias. Your route-to rules for both sides of traffic would use the same network interface, but specify 192.168.2.1 (assuming .1 is the ISP gateway address) as the gateway IP for guest traffic. The other side is if the ISP device is a modem/bridge/media converter and your firewall gets assigned the public IP addresses. In that case you need each connection to have a different gateway (which usually would mean the IPs are on different subnets). If they have different gateways, you can do the same thing as above except change the IP addresses to the public ones. If they happen to have the same gateway, I would look more into aggregating those links and then using ALTQ to throttle guest traffic on your firewall. Both devices are modem/bridge/media converter and each provides 5 public IPs directly to the firewall. And as each subnet has its own gateway on a different subnet, I'll just try the vlan + alias + route-to approach. Thanks!
Re: OpenBSD as router for UK FTTC?
On 30 December 2011 01:17, Stuart Henderson s...@spacehopper.org wrote: I haven't seen this with pppoe(4) and any of: zen fttc, demon adsl (ipstream), aaisp adsl (ipstream or 21cn), bogons adsl (ipstream). OK thanks. That's a decent list of positives. Does your ISP have reachable technical people that might be able to give a bit of insight into what they're seeing? They do (even taking time out from their vacation!). They observed that we did not attempt to negotiate mru, but none of us could see why that might cause the AC to fail to ack or nak our auth response. As we were impinging on their holiday and we had a workaround we agreed to look more deeply into it at a later date. Unfortunately we're in a catch 22 scenario because: a. Every single pppoe capable device we tested worked straight away except pppoe(4). b. No other customer has apparently had issues similar to this. We've gone with a non OpenBSD router for the pppoe link for now as userland ppp performance was too poor and quite erratic. I hope we'll have a chance to revisit this when the 3rd line techs are back in the office in the new year. Thanks very much for your time and insights. They are very much appreciated.
Re: I want buy labtop ,work OpenBSD, wireless network must work
On Fri, 30 Dec 2011, Mostaf Faridi wrote: Hello all guys, After long time I want buy labtop and I want use it in my work place , in my work place we have only wireless network and we do not have wire network and we have linksys router and other guys connect to linksys and use network .other guys use Windows ,but I want use OpenBSD , and I do not know which models ,I must buy .my new labtop must work in wireless network . Please help me which model I must buy . I can find Lenovo and Asus in here and I can find some model of Sony too. I want use OpenBSD with GNOME and I want use it as Desktop. Please guide me which model I must buy ? My notebook or my labtop must has 6 gigabytes of RAM and has very powerful CPU This can be very difficult to deal with since most manufacturers not only won't tell you exactly what parts they're using but will change them without notice. What I did was to install the latest amd64 snapshot to a USB stick, boot that on the demo machines in stores, and save the dmesg to the stick so I could analyze it later for unsupported hardware. Most (but not all) stores here were willing to let me do this. I eventually found a model where everything I cared about worked. Dave -- Dave Anderson d...@daveanderson.com
Re: how to choose outgoing IPv4 address/interface ?
* chipits...@gmail.com [2011-12-30 05:21]:
> why does OpenBSD choose vlan379 ? how can I make it use vlan200 for all outgoing traffic except bgp communication ?
for wildcard binds (INADDR_ANY aka 0.0.0.0, connect without bind has the same effect) the address is chosen based on the route to the destination. i. e. for www.google.com from my location:
    br...@cr10.ham $ route -n get 173.194.69.105
    route to: 173.194.69.105
    destination: 173.194.69.0
    mask: 255.255.255.0
    gateway: 80.81.203.34
    interface: carp0
    if address: 80.81.203.19
    priority: 48 (bgp)
    flags: UP,GATEWAY,DONE
    use mtu expire
    1431189 0 0
the if address is used. how's the if address figured out? easy. if the route lookup gives a gateway route (as in the above example, gateway 80.81.203.34), a lookup for the route to that gateway is done (basically, i simplify a bit). if needed this is repeated until we get a connected route - which we have straight after looking up the route to the gateway from the previous route in this case.
    br...@cr10.ham $ route -n get 80.81.203.34
    route to: 80.81.203.34
    destination: 80.81.203.34
    interface: carp0
    if address: 80.81.203.19
    priority: 4 (connected)
    flags: UP,HOST,DONE,LLINFO,CLONED
    use mtu expire
    20 0 224
so now we have our connected route. as in, ($dest $mask) == ($ifaddr $mask) binary of course, and mask is taken from the interface. et voila, we have the interface address figured out and use that as src address. so all you need to do is getting your routes right. from your description (which leads to the impression that your ISP makes you use a pretty strange setup) you'll need to set the nexthop to your ISP's address on that other vlan in your bgpd.conf - look for set nexthop in bgpd.conf.5
-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: UTM appliance
* Hassan Monfared hmonfa...@gmail.com [2011-12-30 10:18]: I wanna choose a hardware appliance to make a UTM based on OpenBSD, does anybody have recommendation? yes, I have one. stop believing marketing lies. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: inteldrm_attach still broken
* Alexander Polakov polac...@gmail.com [2011-12-30 09:11]: * listmail listm...@entertech.com [111230 08:52]: Back in June of 2011, I reported problems with the Supermicro P8SCI and P8SCT motherboards failing to boot OpenBSD 4.8 and 4.9, due to a kernel page fault trap at interdrm_attach. Just for fun, I tried OpenBSD 5.0 tonight, and the same problem still happens. Has anyone found a workaround for this, or are there any plans to fix it? I have several of these motherboards running in firewalls, and unless I can find a fix, these boxes are trapped at OpenBSD 4.7 until I can replace them all. Have you tried boot -c disable inteldrm If it works, use config -ef /bsd to make it permanent. no, don't do that. that just stupidly hides the bug and pretty much makes sure it won't get fixed (unless someone else runs into it too and doesn't pick stupid workarounds). this however IS useful to (mostly) verify inteldrm itself is to blame. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: inteldrm_attach still broken
On Fri, 30 Dec 2011 17:11:18 +0100, Henning Brauer wrote * Alexander Polakov polac...@gmail.com [2011-12-30 09:11]: * listmail listm...@entertech.com [111230 08:52]: Back in June of 2011, I reported problems with the Supermicro P8SCI and P8SCT motherboards failing to boot OpenBSD 4.8 and 4.9, due to a kernel page fault trap at interdrm_attach. Just for fun, I tried OpenBSD 5.0 tonight, and the same problem still happens. Have you tried boot -c disable inteldrm If it works, use config -ef /bsd to make it permanent. no, don't do that. that just stupidly hides the bug and pretty much makes sure it won't get fixed (unless someone else runs into it too and doesn't pick stupid workarounds). this however IS useful to (mostly) verify inteldrm itself is to blame. Thanks to Alexander and Henning for the suggestions. By disabling inteldrm at boot time, I was able to get one of the Supermicro mobos to boot OpenBSD 5.0. From that instance, I used sendbug(1) to mail a bug report. From looking at the changelog http://openbsd.org/plus48.html I see that two changes were checked in between 4.7 and 4.8 related to inteldrm. Hopefully this helps the maintainer of that module to track down and fix the problem. Happy New Year to All! Cheers, --Bill
Re: how to choose outgoing IPv4 address/interface ?
On 2011-12-30, Henning Brauer lists-open...@bsws.de wrote: * chipits...@gmail.com [2011-12-30 05:21]: why does OpenBSD choose vlan379 ? how can I make it use vlan200 for all outgoing traffic except bgp communication ? for wildcard binds (INADDR_ANY aka 0.0.0.0, connect without bind has the same effect) the address is chosen based on the route to the destination. IPv6's source address selection logic is so awesome there's a 23-page RFC to describe it. and it's not even deterministic! if you exhaust the set of 8 priorities to follow, the OS can choose whichever address it likes! clever eh? you couldn't make this up. guess which company authored the RFC.
Re: how to choose outgoing IPv4 address/interface ?
On Fri, Dec 30, 2011 at 2:36 PM, Stuart Henderson s...@spacehopper.org wrote: On 2011-12-30, Henning Brauer lists-open...@bsws.de wrote: * chipits...@gmail.com [2011-12-30 05:21]: why does OpenBSD choose vlan379 ? how can I make it use vlan200 for all outgoing traffic except bgp communication ? for wildcard binds (INADDR_ANY aka 0.0.0.0, connect without bind has the same effect) the address is chosen based on the route to the destination. IPv6's source address selection logic is so awesome there's a 23-page RFC to describe it. and it's not even deterministic! if you exhaust the set of 8 priorities to follow, the OS can choose whichever address it likes! clever eh? you couldn't make this up. guess which company authored the RFC. cisco? and no i didn't look
Re: how to choose outgoing IPv4 address/interface ?
On 2011-12-30, Amit Kulkarni amitk...@gmail.com wrote: On Fri, Dec 30, 2011 at 2:36 PM, Stuart Henderson s...@spacehopper.org wrote: On 2011-12-30, Henning Brauer lists-open...@bsws.de wrote: * chipits...@gmail.com [2011-12-30 05:21]: why does OpenBSD choose vlan379 ? how can I make it use vlan200 for all outgoing traffic except bgp communication ? for wildcard binds (INADDR_ANY aka 0.0.0.0, connect without bind has the same effect) the address is chosen based on the route to the destination. IPv6's source address selection logic is so awesome there's a 23-page RFC to describe it. and it's not even deterministic! if you exhaust the set of 8 priorities to follow, the OS can choose whichever address it likes! clever eh? you couldn't make this up. guess which company authored the RFC. cisco? and no i didn't look Nope. (Actually you can work-around this insanity with v6 by setting pltime 0 when you configure any addresses that you _don't_ want to be used as a valid source).
Re: how to choose outgoing IPv4 address/interface ?
On Fri, Dec 30, 2011 at 05:08:28PM +0100, Henning Brauer wrote:
> * chipits...@gmail.com [2011-12-30 05:21]:
> > why does OpenBSD choose vlan379 ? how can I make it use vlan200 for all outgoing traffic except bgp communication ?
> for wildcard binds (INADDR_ANY aka 0.0.0.0, connect without bind has the same effect) the address is chosen based on the route to the destination.
Many applications allow to bind(2) before doing the connect(2) so you can define the outgoing address being used. I know that especially the DNS resolvers bind and unbound have that option. This is your best option to go NAT free in your situation without calling names at your ISP for insane filtering restrictions on the uplink. Seems like they're stuck in the past where a bgp router was only a bgp router and an easy target to other attacks (like telnet).
> i. e. for www.google.com from my location:
>     br...@cr10.ham $ route -n get 173.194.69.105
>     route to: 173.194.69.105
>     destination: 173.194.69.0
>     mask: 255.255.255.0
>     gateway: 80.81.203.34
>     interface: carp0
>     if address: 80.81.203.19
>     priority: 48 (bgp)
>     flags: UP,GATEWAY,DONE
>     use mtu expire
>     1431189 0 0
> the if address is used. how's the if address figured out? easy. if the route lookup gives a gateway route (as in the above example, gateway 80.81.203.34), a lookup for the route to that gateway is done (basically, i simplify a bit). if needed this is repeated until we get a connected route - which we have straight after looking up the route to the gateway from the previous route in this case.
To be true the ifa (as in if address) is stored on each route individually and can be forced by route(8). But yes, on route insertion the kernel will do the mentioned dance by looking up the gateway unless userland provided an ifa in advance. Now that does not help for BGP learned routes but can be used for other tricks.
> so all you need to do is getting your routes right. from your description (which leads to the impression that your ISP makes you use a pretty strange setup) you'll need to set the nexthop to your ISP's address on that other vlan in your bgpd.conf - look for set nexthop in bgpd.conf.5
set nexthop will not work it is used for outgoing updates not for the FIB. The only option I see to workaround the problem is to use multiple routing tables (one with the BGP feed and one with just a default route) but it still requires some pf(4) trickery to make packets switch between the tables at the right moment.
-- :wq Claudio
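The source-address selection discussed in this thread (Henning Brauer's route-lookup walk-through, plus Claudio Jeker's notes on the per-route ifa and on bind(2) before connect(2)), modelled as an added example that is not part of any post and is not OpenBSD code. The /24 on carp0, the vlan379/vlan200 addresses (documentation ranges) and all class and function names are assumptions; the model is a simplification of what the posts describe.

```python
"""Toy model of IPv4 source-address selection for wildcard binds."""
import ipaddress


class Route:
    def __init__(self, dest, gateway, ifname, ifa):
        self.dest = ipaddress.ip_network(str(dest))
        self.gateway = ipaddress.ip_address(str(gateway)) if gateway else None
        self.ifname = ifname
        self.ifa = ipaddress.ip_address(str(ifa))  # "if address", kept per route


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add_interface(self, ifname, cidr):
        """Configuring an address creates the connected route for its subnet."""
        iface = ipaddress.ip_interface(cidr)
        self.routes.append(Route(iface.network, None, ifname, iface.ip))

    def lookup(self, dst):
        """Longest-prefix match, the route that 'route -n get <dst>' reports."""
        dst = ipaddress.ip_address(str(dst))
        matches = [r for r in self.routes if dst in r.dest]
        if not matches:
            raise LookupError("no route to %s" % dst)
        return max(matches, key=lambda r: r.dest.prefixlen)

    def add_route(self, dest, gateway, ifa=None):
        """Insert a gateway route; resolve its ifa unless the caller gives one."""
        via = self.lookup(gateway)
        hops = 0
        while via.gateway is not None:       # repeat until a connected route
            hops += 1
            if hops > 16:
                raise RuntimeError("gateway resolution loop for %s" % gateway)
            via = self.lookup(via.gateway)
        chosen = ifa if ifa is not None else via.ifa
        self.routes.append(Route(dest, gateway, via.ifname, chosen))

    def source_for(self, dst, bound=None):
        """Source address a connection to dst would use."""
        if bound is not None:                # bind(2) before connect(2) wins
            return ipaddress.ip_address(str(bound))
        return self.lookup(dst).ifa          # wildcard bind: ifa of best route


def page_example():
    """Addresses from the route(8) output in the thread; the /24 is assumed."""
    rt = RoutingTable()
    rt.add_interface("carp0", "80.81.203.19/24")
    rt.add_route("173.194.69.0/24", "80.81.203.34")
    # Constructed extra hop: this gateway is itself only reachable via a gateway.
    rt.add_route("203.0.113.0/24", "173.194.69.1")
    return rt.source_for("173.194.69.105"), rt.source_for("203.0.113.7")


def two_vlan_example():
    """Constructed stand-in for the vlan379/vlan200 host from the question."""
    rt = RoutingTable()
    rt.add_interface("vlan379", "192.0.2.2/30")     # link to the BGP peer
    rt.add_interface("vlan200", "198.51.100.1/24")  # own routable network
    rt.add_route("0.0.0.0/0", "192.0.2.1")          # route via the peer
    wildcard = rt.source_for("203.0.113.53")        # what the poster observed
    bound = rt.source_for("203.0.113.53", bound="198.51.100.1")
    # A route inserted with an explicit ifa keeps it (the "forced" case).
    rt.add_route("203.0.113.0/24", "192.0.2.1", ifa="198.51.100.1")
    forced = rt.source_for("203.0.113.53")
    return wildcard, bound, forced


if __name__ == "__main__":
    print("page example:", [str(a) for a in page_example()])
    print("two vlans   :", [str(a) for a in two_vlan_example()])
```
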
Re: how to choose outgoing IPv4 address/interface ?
* Claudio Jeker cje...@diehard.n-r-g.com [2011-12-30 23:32]:
> On Fri, Dec 30, 2011 at 05:08:28PM +0100, Henning Brauer wrote:
> > * chipits...@gmail.com [2011-12-30 05:21]:
> > > why does OpenBSD choose vlan379 ? how can I make it use vlan200 for all outgoing traffic except bgp communication ?
> > for wildcard binds (INADDR_ANY aka 0.0.0.0, connect without bind has the same effect) the address is chosen based on the route to the destination.
> Many applications allow to bind(2) before doing the connect(2) so you can define the outgoing address being used. I know that especially the DNS resolvers bind and unbound have that option.
true. i kinda excluded the per-app options.
> > how's the if address figured out? easy. if the route lookup gives a gateway route (as in the above example, gateway 80.81.203.34), a lookup for the route to that gateway is done (basically, i simplify a bit). if needed this is repeated until we get a connected route - which we have straight after looking up the route to the gateway from the previous route in this case.
> To be true the ifa (as in if address) is stored on each route individually and can be forced by route(8). But yes, on route insertion the kernel will do the mentioned dance by looking up the gateway unless userland provided an ifa in advance. Now that does not help for BGP learned routes but can be used for other tricks.
in the common setup the true vs exit nexthop stuff will do the trick, but indeed there are exceptions.
> > so all you need to do is getting your routes right. from your description (which leads to the impression that your ISP makes you use a pretty strange setup) you'll need to set the nexthop to your ISP's address on that other vlan in your bgpd.conf - look for set nexthop in bgpd.conf.5
> set nexthop will not work it is used for outgoing updates not for the FIB.
you're right, thinko on my side.
-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: I want buy labtop ,work OpenBSD, wireless network must work
On Fri, 30 Dec 2011 04:42:43 -0500 STeve Andre' wrote: It's not the newest model, but the W500 is a wonderful laptop. I am using it now. 2.8G core two Should that be w500 with dual core. Core two duos have botched microcode with security risks according to Theo, though I'm not sure of the specifics/severity.
Re: I want buy labtop ,work OpenBSD, wireless network must work
On 12/30/2011 10:06 AM, Mostaf Faridi wrote: Thanks all guys . Sorry for my bad English , I must use laptop , but I used labtop . For me model is very important ,for example I want know which model of Lenovo work good with OpenBSD . For example I want know Lenovo ThinkPad 7000t work good or no Don't worry about the wireless adapter. If it isn't compatible, buy a nano wifi adapter [1] (are very cheap and compatible). The other hardware is more important because you can't change this if your election is bad. Just buy a good laptop :) 1.- http://www.andahammer.com/assets/Uploads/HomePage/EDUPNano2.jpg Cheers. -- Juan Francisco Cantero Hurtado http://juanfra.info
Re: I want buy labtop ,work OpenBSD, wireless network must work
On 12/30/11 21:23, Kevin Chadwick wrote: On Fri, 30 Dec 2011 04:42:43 -0500 STeve Andre' wrote: It's not the newest model, but the W500 is a wonderful laptop. I am using it now. 2.8G core two Should that be w500 with dual core. Core two duos have botched microcode with security risks according to Theo, though I'm not sure of the specifics/severity. Yes, W500's do have that potential problem. It's a real issue, which makes me think that not running Windows is a grand idea. I'm not sure there is a solution to this. Laptops are special--you can't take parts out or add them as easily as a desktop. *sigh* --STeve Andre'
Re: UTM appliance
So, what ? where is the problem ? On Fri, Dec 30, 2011 at 7:44 PM, Henning Brauer lists-open...@bsws.de wrote: * Hassan Monfared hmonfa...@gmail.com [2011-12-30 10:18]: I wanna choose a hardware appliance to make a UTM based on OpenBSD, does anybody have recommendation? yes, I have one. stop believing marketing lies. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: UTM appliance
There's no one size fits all. A good packet inspection firewall with IPS with application firewall (or application proxy really) and URL filtering with antivirus and antispam, WIFI, DLP (data leakage prevention), log monitoring and inspection, NAC and so on does not really exist, whether you want to buy or make one. It really can't. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: UTM appliance
of course there is no perfect HW for every functionality of UTM. I'm looking for average system applicable in small/medium range business requirement for Firewalling, NAT, Caching,... I understand that no HW brand/model is completely perfect, but there must be acceptable solutions from suppliers. I personally found these products after some googling, but I'm looking for low price and proofed solution based on OpenBSD, http://www.holl.cn/product/en/productlist.asp?sortID=90 Regards, and Happy New Year for all OpenBSD fans On Sat, Dec 31, 2011 at 8:30 AM, bofh goodb...@gmail.com wrote: There's no one size fits all. A good packet inspection firewall with IPS with application firewall (or application proxy really) and URL filtering with antivirus and antispam, WIFI, DLP (data leakage prevention), log monitoring and inspection, NAC and so on does not really exist, whether you want to buy or make one. It really can't. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: UTM appliance
I don't think you're getting the point. *WHAT* are you looking for? UTM means different things to different people. If all you want is a packet firewall and NAT with URL caching, depending on how many people you're looking at servicing, just about any box on the market will do it. The only additional thing you need to add is either something like squid or polipo. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: UTM appliance
something like pfSense ! On Sat, Dec 31, 2011 at 9:13 AM, bofh goodb...@gmail.com wrote: I don't think you're getting the point. *WHAT* are you looking for? UTM means different things to different people. If all you want is a packet firewall and NAT with URL caching, depending on how many people you're looking at servicing, just about any box on the market will do it. The only additional thing you need to add is either something like squid or polipo. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: I want buy labtop ,work OpenBSD, wireless network must work
buy an i3 instead, but what is the design flaw which cannot be fixed via microcode updates? On Fri, Dec 30, 2011 at 10:16 PM, STeve Andre' and...@msu.edu wrote: On 12/30/11 21:23, Kevin Chadwick wrote: On Fri, 30 Dec 2011 04:42:43 -0500 STeve Andre' wrote: It's not the newest model, but the W500 is a wonderful laptop. I am using it now. 2.8G core two Should that be w500 with dual core. Core two duos have botched microcode with security risks according to Theo, though I'm not sure of the specifics/severity. Yes, W500's do have that potential problem. It's a real issue, which makes me think that not running Windows is a grand idea. I'm not sure there is a solution to this. Laptops are special--you can't take parts out or add them as easily as a desktop. *sigh* --STeve Andre'