From: [EMAIL PROTECTED]
My goal with the bridge is to filter all traffic coming in from the
outside world, while allowing my servers behind the bridge
to connect freely even if their traffic has to travel out to the
router and back (keep state?).
My point of confusion is
From: [EMAIL PROTECTED]
Luke Bakken wrote:
cmd1 21 $WHERE
This doesn't do what you think it does, which I'm assuming
is redirect
stderr and stdout to $WHERE.
What does it do? I was of the belief that it is indeed doing
the above,
and the log/scratch files I redirect to have
From: [EMAIL PROTECTED]
Hi people, i want to set a rate limit in my proxy server, i
have 2mbps
and i want to limit the proxy to 768kbps, reading the pf faq i found
some examples, but its not working, i only want to limit the
bw, not to
do qos, i only added these lines to pf.conf
From: [EMAIL PROTECTED]
Dag Richards wrote:
Am I correct in inferring ( not assuming no! ) that once a
carp iface is
created we can not add aliases to them?
#ifconfig carp1 alias 123.32.217.21 netmask
255.255.255.0
ifconfig: SIOCAIFADDR: Can't assign requested address
Wouldn't the
From: [EMAIL PROTECTED]
Well I'm interested in YOUR ubersystem to reduce the load...
Are you a solution in search of a problem, right now?
DS
From: [EMAIL PROTECTED]
Well i just installed my First OpenBSD BOX :) feels
good !!! but to install packages i cannot find ports
collection in /usr how can i get them ? i am using 3.7
version.
Read:
http://www.openbsd.org/ports.html
It's even an FAQ. Read:
From: [EMAIL PROTECTED]
Certainly want to try this when I can find time. Forgive me for being
lazy, but probably could encourage more to try by providing
some kind of
step-through or guide:)
What kind of a guide is needed? Install the x* file sets, and pkg_add your
applications.
Why do
From: [EMAIL PROTECTED]
Probably this is what is meant by user whining.
Shameless user whining, no less.
I was trying to install 3.8 packages on a 3.9 machine and I
get an error
I expect they're referred to as 3.8 packages, since they're for 3.8... and
3.9 packages would be for 3.9...
DS
From: Johan SANCHEZ [mailto:[EMAIL PROTECTED]
What kind of a guide is needed? Install the x* file sets,
and pkg_add your
applications.
Hi,
Personally i prefer to use the ports tree or compile from the sources
but even if that's not that complicated it could be useful to read
in what
From: [EMAIL PROTECTED]
Should each user have access to his/her own passwords, and
nothing else?
Which user can change which password(s)?
The security model can be something like 'john belongs to pay_group,
so he can read and maybe write (if group administrator) passwords of
From: [EMAIL PROTECTED]
I'd like to know your opinion about to major DNS servers: Bind and
djbdns. Which one is the best (I'm not sure if I may ask it this way)?
You may, but it's not a good line of questioning. There is no best as this
is a matter for subjective debate. It is a fruitless
From: [EMAIL PROTECTED]
That said, I think a wall of shame page on the OpenSSH site
might be a good idea: one listing all those big companies
mentioned that have never donated a dime. Negative PR might
result in more donations than managers receiving the minor
annoyance message
From: [EMAIL PROTECTED]
Why don't we have separate lists? One for general questions,
and gently
guiding new users to the FAQ and man pages? It can be all fuzzy and
warm; a place for pleasantries. And a separate list for more
experienced
users that want to dwell in the lair of
From: [EMAIL PROTECTED]
OpenBSD always charges nothing back, that's an ideology (that's the
way i see). The price of ideologies in a world like ours is expensive.
For instance, i am tired of seeing big players using openssh and the
like. They give nothing back to OpenBSD. Probably the third
From: [EMAIL PROTECTED]
Yes, English is not my native tongue, but I think the meaning of
donations and the link to that is understood in many languages, no?
Since donation is so well understood maybe your english good enough to
you show me where `donation' appear on Theos' URL.
Point
From: [EMAIL PROTECTED]
2. For an automated installer, how would the installer
know where to get the proper
package?
`machine -a` will pull the application architecture.
`uname -r` will get your release.
Don't know about magic for a package version. Perhaps pkg_add(1) can handle
some of
From: [EMAIL PROTECTED]
I just searched the net for hours but didn't find a
reasonable solution.
My intention is to get traffic graphs, like the ones in mrtg for
interfaces but for specific services (that is one for ftp,
one for http
and so on).
First idea was to use mrtg/snmp that I
From: [EMAIL PROTECTED]
cpu0: VIA Samuel 2 (CentaurHauls 686-class) 533 MHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX
real mem = 158900224 (155176K)
avail mem = 138125312 (134888K)
using 1965 buffers containing 8048640 bytes (7860K) of memory
rl0 at pci0 dev 20 function 0 Realtek 8139 rev 0x10:
From: [EMAIL PROTECTED]
[... doesn't have idle memory]
Is it a real problem, or is this only misleading top output (despite
the machine feeling quite sluggish)?
Or does OpenBSD put idle memory to productive use elsewhere, making the
perception that it is just leaking away?
DS
From: [EMAIL PROTECTED]
When updating the kernel to CURRENT (in the case, 3.9), do I
have to update
ports and already installed packages?
Packages and ports should stay in sync with the rest of the userland. The OS
should stay in synch with the kernel since there are important dependencies
From: [EMAIL PROTECTED]
I am under the impression from documentation and misc list archives,
that openbsd doesn't support logical volumes only CCD.
Huh? Use your _RAID_ volume management to create multiple logical volumes and
these will appear to your BSD box as multiple, smaller disks. Use
From: [EMAIL PROTECTED]
I do not want to start a flame war here, but I would like
to know why
there is not a native OpenOffice port for OpenBSD. I mean, the
technical reasons, I am not a programmer and I would like
to know it.
because you haven't ported it yet.. You see someone
From: [EMAIL PROTECTED]
Wouldn't it be better then to start a spinoff project (openhttpd or
something comes to mind) instead of still calling it apache httpd 1.3?
No, because that's what it is.
What you're talking about is marketing drivel.
You don't have to keep up with the Joneses,
From: [EMAIL PROTECTED]
What is bothering me is the sentence:
Rules are processed in the order in which they were added to
the interface,
and the first rule matched takes the action ...
Does this really mean that no hash function is used? I mean
if I have 2
MAC Addresses and want
From: Joachim Schipper [mailto:[EMAIL PROTECTED]
Yes, and root can do quite a few other nasty things as well.
Where did I
say this was something completely new? Where did I say that
it fixed the
problem?
It does two things:
1. It makes a single avenue of attack ('the most obvious
From: steven mestdagh [mailto:[EMAIL PROTECTED]
On Tue, Jan 24, 2006 at 11:04:33AM -0700, Spruell, Darren-Perot wrote:
Would be useful to have information logged for the
connection identifying
the key used to authenticate, by the key comment if
possible. Does sshd
already have
Is it possible to have sshd log information about the key used to
authenticate to a given user account upon connection?
Our situation is that we have a user account that multiple people have
access to log into to retrieve files. Each user authenticates to that
account with their own SSH key.
From: Joachim Schipper [mailto:[EMAIL PROTECTED]
Our situation is that we have a user account that multiple
people have
access to log into to retrieve files. Each user
authenticates to that
account with their own SSH key. Current log entry shows:
Jan 24 11:01:20 sftp sshd[23555]:
From: Axton [mailto:[EMAIL PROTECTED]
The U.S. Department of Homeland Security is extending the scope of
its protection to open-source software.
...
The list of open-source projects that Stanford and Coverity plan to
check for security bugs includes Apache, BIND, Ethereal, KDE, Linux,
From: Travers Buda [mailto:[EMAIL PROTECTED]
I think YOU need to articulate why CGD is not making it in.
Why is the
burden of proof on me? After all, YOU ported it in the first place!
YOUr desire preceded mine.
Travers - are you bipolar or just hyper?
I think it was made clear earlier
From: Gaby vanhegan [mailto:[EMAIL PROTECTED]
I would think php, but this doesn't explain it unless you turned the
chroot off.
Due to historical reasons, we're not running apache chrooted. This
is why they're in /tmp rather than /var/www/tmp, or any other place.
Given the security
From: viq [mailto:[EMAIL PROTECTED]
Is there a way around this so the full install c/w plugins,
etc all work
in a chrooted environment?
Ah. I don't have yet that much experience with ports, and
didn't play with
nagios, so i'm afraid the help will have to come from someone
else. All
From: Han Boetes [mailto:[EMAIL PROTECTED]
The people who they are addressing are business, and they think
in terms of gaining money and losing money.
Open Source Software is a concept they will not understand easily
since they don't have a concept of interacting with people without
a
From: pete wright [mailto:[EMAIL PROTECTED]
Not that I don't think openssh is superior for the fact that it *is*
open software, I bet that the company in question needs software
support lisc. for legal issues. If the software goes tit's up and
costs the company N dollar's it is easier to get
From: frantisek holop [mailto:[EMAIL PROTECTED]
hmm, on Mon, Nov 28, 2005 at 05:32:54PM +0100, Otto Moerbeek said that
It's even a FAQ: http://www.openbsd.org/faq/faq8.html#wwwnotstd
at least remove
We welcome new contributors,
because that is clearly not true.
Sure, should be something
From: Ted Walther [mailto:[EMAIL PROTECTED]
On Wed, Nov 16, 2005 at 08:51:12AM +0100, Otto Moerbeek wrote:
This adjusting by information is not available to ntpd. ntpd
requests an adjustment using the adjtime(2) system call. The argument
is the actual offset. It is up to the kernel to decide
From: MK [mailto:[EMAIL PROTECTED]
worked fine. But now in OpenBSD 3.8 it seems that IPA doesn't work
correctly. I can compile it, run it but the IPA can't see any
traffic. I
have same config file as before. I think that something had
to change in new
version of OpenBSD so IPA can't
From: Aiko Barz [mailto:[EMAIL PROTECTED]
My problem:
I tried to move my mailservers from Linux to OpenBSD. It's a
qmail-ldap
system with its users stored in OpenLDAP. Each of my users has its own
UID. There is only one troublemaker: maildrop. It depends on getpwuid
and getpwnam. But
From: Marc L'Heureux [mailto:[EMAIL PROTECTED]
I used to have dev=/dev/cd0c:0,0,0 but looking at my dmesg
I thought I might
have to change it to dev=/dev/cd0c:0,1,1. Providing
different options to
cdrecord does not help, it still bails
It should be dev=/dev/rcd0c:$BUS,0,0 -
Is ipa known to work under OpenBSD 3.8? I'm running the daemon with a valid
config and believe it is set to report on 2 rules in my pf ruleset, but it
reports 0 bytes where there should be 0 bytes if I read it correctly:
# ipastat -R in$ -x -i oct-nov
+-+-+
From: Greg Thomas [mailto:[EMAIL PROTECTED]
On 11/1/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On Tue, 1 Nov 2005, Greg Thomas wrote:
On 11/1/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On Tue, 1 Nov 2005, Bob DeBolt wrote:
Greets
I certainly found it worth a
From: Andreas Kahari [mailto:[EMAIL PROTECTED]
On 31/10/05, Gareth Nelson [EMAIL PROTECTED] wrote:
I tell people of the joy of puffy everywhere I go, at the
busstop I shout
THEY CALLED IT BSD AND OPEN BECAUSE IT'S ALWAYS FREE
Seriously though, I now recommend OpenBSD to everyone as a
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
I have been moving a single Linux FW to a pair of OBSD
machines, lured by carp and pfsync. This has been working
well in my test environment. This also led me to vpns
running with ISAKMPD, replacing a Freeswan box, and
forestalling
From: Rico [mailto:[EMAIL PROTECTED]
Reading the last couple of days of sftp/scp's posts and reading up on
the archives I just wanted to ask..
Would it be a bad idea to extend OpenSSH with some extra features like:
1. In sshd_config - making it possible to provide a sftp/scp only
From: Emilio Perea [mailto:[EMAIL PROTECTED]
On Wed, Oct 19, 2005 at 12:04:33PM -0600, Diana Eichert wrote:
I just had a major AhHa moment while I was deleting whiny posts from
[EMAIL PROTECTED] The number of whiny posts increases dramatically
right before,
during and shortly after the
From: Wolfpaw - Dale Corse [mailto:[EMAIL PROTECTED]
On 10/19/05, Wolfpaw - Dale Corse [EMAIL PROTECTED] wrote:
quickly. I try not to use limits, because it slows
compiling to crap
:(
this makes no sense whatsoever.
To clarify, if you limit someone's ram use to a certain
From: Graham Toal [mailto:[EMAIL PROTECTED]
You've got a couple of weird things and errors on your page:
- You say OpenBSD doesn't support multiple consoles: ctrl+alt+f2
Yup! Thanks. Linux uses ALT-Fkey which I tried. Didn't try
adding CTRL. :-/ Assumed it didn't have it, and too busy
From: ed [mailto:[EMAIL PROTECTED]
I've been looking at ways to make a redundant and load
balanced SAN. As
you put it, it's not high reliability, once you get a problem
with RAID,
or the box that it's attached to, you can consider the data 'unknown'.
The best solution that I have seen
From: Nick Holland [mailto:[EMAIL PROTECTED]
Theoretically, this is a weak solution. However, PRACTICALLY
speaking,
it's simple and very effective. Other than blocked services
opening up
alternative entry points, I've not actually seen anyone bypass this
system in real life (for example,
From: Joe S [mailto:[EMAIL PROTECTED]
Is anyone on the list running an Ultra 5 as firewall? I would like to
move my firewall from an overpowered P4-3GHz box to a Sun
Ultra 5 360MHz.
My main concern is wondering if the Ultra 5 is slow enough to
become a
bottleneck from one interface to
From: frantisek holop [mailto:[EMAIL PROTECTED]
i also don't understand how is it possible that operations on this
primitive file system tends to result in badness.
especially when so much reference implementations are floating
around (all the other bsd's, linux, embedded devices).
fix it
From: frantisek holop [mailto:[EMAIL PROTECTED]
Want it fixed? Submit patches. Use your wide array of reference
implementations to fix it, since it's such a hot item on
your plate.
forgive me my bitterness. i am mourning my lost files.
And consequently whining like a little
From: Tobias Weingartner [mailto:[EMAIL PROTECTED]
On Monday, September 26, Szechuan Death wrote:
Again, looking at the original post, the database seemed to me to be
part and parcel of this, for efficiency reasons. As you might be
aware, you can't have a dependency outside the src/ tree;
From: Szechuan Death [mailto:[EMAIL PROTECTED]
Theo de Raadt wrote:
Don't the OpenBSD developers already work hard enough, that now we
are supposed to do even more boring business oriented things for you
all?
Every release, more people download OpenBSD and fewer
people buy
From: J.D. Bronson [mailto:[EMAIL PROTECTED]
Is there any way to accomplish this:
1. Use ssh with passwords internally (lan to lan connections)
2 Use ssh with publickeys externally (wan to lan connections)
...thanks!
I can't think of a way to do it with the same user account, but you
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
My only question is what if I traceroute to you, find out the
IP number of your upstream router? Then I make a bunch of
connection attempts to your IP but forge the packets to make
them look like they came from your upstream. Don't *you*
From: Wolfgang S. Rupprecht
2) Forging the source IP in a TCP packet and succeeding in negotiating
the 3-way handshake isn't all that simple any more. I wouldn't
worry about it. If someone could forge that reliably, there is
much better game to go after (like breaking into machines
From: Jasper [mailto:[EMAIL PROTECTED]
VirtualHost www.mercatortrading.nl:443
VirtualHost www.profibas.com:443
running httpd -uDSSL gives the following warning:
[Tue Sep 20 20:39:33 2005] [warn] VirtualHost
www.mercatortrading.nl:443
overlaps with VirtualHost www.profibas.com:443, the
From: Vinicius Pavanelli Vianna [mailto:[EMAIL PROTECTED]
They say all their ifaces are forced to 100 full duplex, when i try to
autoneg with their switches i always got 100 half duplex, and
the speed
is bad, so i forced all to 100 full duplex so i can get some speed,
don't ask me why they
From: Alex Kirk [mailto:[EMAIL PROTECTED]
I'm bailing here. I don't remember 3.4 well enough.
I was afraid of that. I've been meaning to upgrade to 3.7 for
a while -- is it
likely to make that big of a difference if I upgrade? If I
were to still
experience this problem with 3.7, might
From: Stephan A. Rickauer [mailto:[EMAIL PROTECTED]
Gaby vanhegan wrote:
$if_in=xl0
$if_out=xl1
pass in on $if_in keep state
pass out on $if_out keep state
Ok, let's stick to that example. Imagine a firewall having three
interfaces connecting Internet, LAN and DMZ. When I would
From: Toni Mueller [mailto:[EMAIL PROTECTED]
moreover, when you think about it, ftp w/TLS encrypts the control
channel, it's the entire point that 3rd parties (like
ftp-proxy) can't
see or modify what's going on, so this cannot possibly work.
I can't see why this must be so. HTTPS
From: Miroslav Kubik [mailto:[EMAIL PROTECTED]
Is there a way how to show PID which belongs to the socket by netstat
command? I searched man pages but I haven't found any useful
switch for my
need. I searched in Linux man pages for netstat as well and
it seems that
Linux can do it by p
From: John N. Brahy [mailto:[EMAIL PROTECTED]
I'm trying to build a OpenBSD mysql cluster and I haven't been able to
fully compile the mysql build tools that are required to compile the
MaxDB so I can get ndb_mgmd and ndb_mgm. Does anyone have a patch to
make it work or a package with those
From: Todd C. Miller [mailto:[EMAIL PROTECTED]
In message [EMAIL PROTECTED]
so spake Hans Almqvist (hasse):
Ok. I found the answer myself.
User named must be able to write to /var/named
What would be the right thing ?
Letting named own /var/named or having named be
member of
From: Joco Salvatti [mailto:[EMAIL PROTECTED]
I'd like to know what are the necessary steps to run
GNU/Linux binaries
under
OpenBSD, or where I could get a good paper about it.
Manual pages are always a good place to start:
From: Scott Plumlee [mailto:[EMAIL PROTECTED]
Took me a while to get interested in sudo, which is
unfortunate. Way
cool program.
When I set up an OpenBSD system, one of the first things I
do is create
a personal user for myself, put myself in the wheel group, configure
sudo to
From: Dave Feustel [mailto:[EMAIL PROTECTED]
What I don't yet quite grasp is why there cannot be multiple
independent
instances of kde running, each one attached to a different
virtual terminal
(C0-C3) on the same computer. Then I could be logged on as
two different
users simultaneously,
From: mojo fms [mailto:[EMAIL PROTECTED]
I have not seen this error before so i was wondering if i might have
forgotten something with setting up these two new drives.
iris# mount /dev/wd1a /mnt
mount_ffs: /dev/wd1a on /mnt: Inappropriate file type or format
fdisk? disklabel? newfs? kernel?
From: Brad [mailto:[EMAIL PROTECTED]
I'm just curious what the point of sending the dmesg was?
It's not like people haven't been running OpenBSD under VMware for
years now. This isn't stating anything new.
Because it's the Proper thing to do. Don't discourage thoroughness.
DS
From: Brad [mailto:[EMAIL PROTECTED]
From: Brad [mailto:[EMAIL PROTECTED]
I'm just curious what the point of sending the dmesg was?
It's not like people haven't been running OpenBSD under VMware for
years now. This isn't stating anything new.
Because it's the Proper thing to do.
From: Terry Tyson [mailto:[EMAIL PROTECTED]
Generally, that is a bad situation. So, the advice to put
different types
of machines into different (protected) networks is good.
I only have one firewall but it is three legged, the DMZ box and the
LAN are separate. Is this what you mean by
From: Miles Keaton [mailto:[EMAIL PROTECTED]
On 7/25/05, Lars Hansson [EMAIL PROTECTED] wrote:
FYI, we block *everything*, employees have to use our
proxyserver (squid)
to browse the web.
In a proxyserver like that, if someone tried to go to
http://somedomain.com:8765/ would it work?
From: Joe . [mailto:[EMAIL PROTECTED]
I think, quite the opposite, that it's fine the way it is. It's not
openbsd's fault that people fall prey to the stupid
knob-tuning game and
quite dumbly follow that line of thought. I think instead
that the other
OSes should be responsible for
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
I need to sniff a network segment and I need to sniff both
headers and
data. Because tcpdump captures only headers its unsuitable
for the task.
I saw that ports has ettercap and sniffit but I didn't get around to
testing them to see if
From: Alain Paschoud [mailto:[EMAIL PROTECTED]
I need to do a custom install CD with some standard and some home-made
packages. I created the boot CD as explained in
documentation, and added
some packages (mypackage-1.0.tgz) in 3.7/i386 path.
The CD boots well and the install process start.
I want to use an openbsd box as an ipsec gateway to my home LAN. The only
configuration it will support is a remote user setup, road-warrior style. I
plan on using the Greenbow VPN client or a similar VPN client on Windows
laptops to access the system. I want to use isakmpd on the gateway, and
From: Vivek Ayer [mailto:[EMAIL PROTECTED]
I have a very crappy computer that's been stripped of its HD and CDROM
drives. All that's left is a 1G of a RAM and floppy drive. I want to
put this computer to work. I was thinking of a floppy based solution.
I already have a firewall setup on
From: Dimitri Yioulos [mailto:[EMAIL PROTECTED]
Is there any way to salvage my current install, or should I
bite the bullet
and start again. If I start again, and choose whole disk, will it
obliterate the current partition scheme? Again, I'd rather
slice up the disk
myself, but I
From: Jim Mays [mailto:[EMAIL PROTECTED]
Where can I find more Ram Disk information on:
- what it is
- why I want to use it
- how to configure it
- how to know if is done right
I can't find a man page on Ram Disk, I can't find anything on
the web site
except for bug fixes in it.
From: Dmitry Andrianov [mailto:[EMAIL PROTECTED]
Actually, I'm using FreeBSD but to my understanding pf came
from OpenBSD
so I'm reporting my bug here.
The problem is that block return rules do not send packets using the
same interface the packet originally came from but use normal kernel
From: j knight [mailto:[EMAIL PROTECTED]
--- Quoting Spruell, Darren-Perot on 2005/06/29 at 11:16 -0700:
How does a firewall configured to NAT connections for the outside
interface on a given IP to an IP address behind the firewall handle
the ARP replies for those addresses
How does a firewall configured to NAT connections for the outside
interface on a given IP to an IP address behind the firewall handle
the ARP replies for those addresses to the upstream router?
In other words, I've seen on check point firewalls that a firewall
configured to NAT the destination