sorry,
I've searched for announce, didn't find any.
[image: image.png]
hello,
what do you think of adding a faq item which will give example how /tmp (or
any other write intensive temp disk partition) can be stored in mfs drive?
Ilya Shipitsin
I apologise that I didn't predict such responces.
I was looking for real life examples, i.e. we use icmp timestamps
widely, because we use timed or a lot of devices like D-Link-NNN use
icmp timestamps.
I was not looking for theoretical possibilities that icmp timestamping gives.
I should mention
2013/10/11 Christian Weisgerber na...@mips.inka.de:
chipits...@gmail.com wrote:
actually, I'm not going to block icmp at all, I was curious why
net.inet.icmp.tstamprepl=1 by default.
So you can run timed, of course.
timed was removed from OpenBSD recently
As others have said, the time is
2013/10/11 Claudio Jeker cje...@diehard.n-r-g.com:
On Fri, Oct 11, 2013 at 08:44:36AM +0600, ??? wrote:
2013/10/10 Philip Guenther guent...@gmail.com:
On Thu, Oct 10, 2013 at 4:30 AM, ??? chipits...@gmail.com wrote:
I use ntp already.
So everyone can predict what your
I use ntp already.
I am about to switch icmp timestamps off (security people are afraid
of that setting), just curious what was the purpose of it.
2013/10/10 Theo de Raadt dera...@cvs.openbsd.org:
it turned out that OpenBSD allows icmp timestamping by default:
net.inet.icmp.tstamprepl=1
2013/10/10 Philip Guenther guent...@gmail.com:
On Thu, Oct 10, 2013 at 4:30 AM, Илья Шипицин chipits...@gmail.com wrote:
I use ntp already.
So everyone can predict what your machine would have sent in response
to an ICMP timestamp query, meaning that turning it off doesn't hide
anything
2013/10/11 Paul de Weerd we...@weirdnet.nl:
On Thu, Oct 10, 2013 at 05:30:39PM +0600, ??? wrote:
| I use ntp already.
| I am about to switch icmp timestamps off (security people are afraid
| of that setting), just curious what was the purpose of it.
Uhm .. why? Is your pf broken
Hello!
it turned out that OpenBSD allows icmp timestamping by default:
net.inet.icmp.tstamprepl=1
what was that done for ?
Cheers,
Ilya Shipitsin
Hello!
I'm investigating whether it is possible to block certain UDP signatures ?
Maybe, I'd like not to block them, but lower priority using ALTQ,
for instance, this kind of traffic:
http://www.wireshark.org/docs/dfref/b/bt-utp.html
traffic signatures are known.
Cheers,
Ilya Shipitsin
Hello!
after deploying windows 2012 we encountered that it enables ECN by
default and sometime it is a problem.
I studied pf guides, but I did not find whether it could strip ECN
flag (we use OpenBSD as routers) or not.
Cheers,
Ilya Shipitsin
Hello!
# ping6 www.ripe.net
PING6(56=40+8+8 bytes) 2001:1bb0:e000:d::2 -- 2001:67c:2e8:22::c100:68b
^C
--- www.ripe.net ping6 statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
# route get 2001:67c:2e8:22::c100:68b
route: 2001:67c:2e8:22::c100:68b: bad address
#
is
hmm, I never had that crashy linux daemon becomes stable when it is
started under OpenBSD.
can you tell me how to enable that feature ?
2013/7/17 Jan Stary h...@stare.cz:
On Jul 17 07:45:58, chipits...@gmail.com wrote:
Hello!
I used to run crashy daemons under respawn inittab capability on
Hello!
I used to run crashy daemons under respawn inittab capability on Linux.
Is there similar thing on OpenBSD ?
Cheers,
Ilya Shipitsin
well, vnc repeater (which I'd like to run that way) crashes about once a week.
I'm already debugging it (-ggdb + core dump settings).
I need some way to respawn it until I'll find out the reason it crashes.
2013/7/17 Theo de Raadt dera...@cvs.openbsd.org:
I used to run crashy daemons under
Hello!
I'm trying to profile long running application, however gmon.out never
grows more than 470k (I'm running OpenBSD-5.2/amd64 if that matters)
is there special trick for long running application profiling ?
Cheers,
Ilya Shipitsin
after playing with pip I came to:
r1n1:/root/pygraphviz/pygraphviz-1.1# python setup.py install
library_path=/usr/local/lib/graphviz
include_path=/usr/local/include/graphviz
running install
running build
running build_py
creating build
creating build/lib.openbsd-5.2-amd64-2.7
creating
Hello!
is there python GraphViz in ports ?
if so, what is name of port (I couldn't find any)
*type 'exceptions.ImportError'*: No module named gv
Cheers,
Ilya Shipitsin
math/p5-GraphViz http://openports.se/math/p5-GraphViz is for Perl.
math/graphviz neither contains subpackage nor flavor for Python.
how can I use information provided by you to install python bindings for
graphviz, can you describe step by step ?
2013/3/5 Janne Johansson icepic...@gmail.com
r1n1:/root# pkg_info -L py-dot-0.9.10p7 | grep gv.py
r1n1:/root#
gv.py still not found
2013/3/5 James Hartley jjhart...@gmail.com
On Tue, Mar 5, 2013 at 4:12 AM, éÌØÑ ûÉÐÉÃÉÎ chipits...@gmail.com wrote:
math/p5-GraphViz http://openports.se/math/p5-GraphViz is for Perl.
math/graphviz
thank everybody, I'll continue with pip. or easy_install.
2013/3/5 James Griffin j...@kontrol.kode5.net
[- Tue 5.Mar'13 at 13:11:56 +0200 Gregory Edigarov :-]
On 03/05/2013 11:49 AM, éÌØÑ ûÉÐÉÃÉÎ wrote:
Hello!
is there python GraphViz in ports ?
if so, what is
I meant OpenBSD feature to use only CPU00 for network things.
and I am afraid it could cause network issues when some process works on
CPU00 as well.
2013/1/22 Gregory Edigarov ediga...@qarea.com
On 01/22/2013 12:55 PM, Gregor Best wrote:
On Tue, Jan 22, 2013 at 07:56:22PM +1000, David
Hello!
I'mtrying to figure out whether or not my em cards are set up for high
performance.
ifconfig em0 hwfeatures does not show nothing on rx/tx checksum, neither
man pages on ifconfig and em explain how to do that.
I notice network delays on very moderate bit rates, say 500mbit or even
less,
I appreciate your attention for homeopathy and astrology, however I see no
relation of those to CPU00.
Maybe modern processors will handle that stuff, I don't know.
I'm running https web reverse proxy.
at 200-500mbit scale, I see 3500 interrupts per second at em0, em1, also 12
cpus are running at
Hello!
I'm investigating how program should set cpu affinity, is there any
examples ? (I didn't find any except the commit that adds cpu affinity
thing, but there's no user space documentation, no utility, no man page).
cheers,
Ilya Shipitsin
I'm trying to keep CPU00 for network things, and avoid using it for user
applications (there're lots of CPUs).
is it possible to achive it without CPU affinity ?
2013/1/22 Brad Smith b...@comstyle.com
On Tue, Jan 22, 2013 at 09:25:04AM +0500, ??? wrote:
Hello!
I'm investigating
I'm running multi-homed firewal.
at every single moment only one interface belongs to egress group.
is it possible to do something like that
match out from 192.168.0.0/16 to ! 192.168.0.0/16 nat-to (egress)
?
Cheers,
Ilya Shipitsin
Yahoo!!
3 days without single hang when running apmd -H
2012/10/12 Peter Hessler phess...@theapt.org
I have seen some hangs when apmd -C changes cpu speed in very specific
situations. For testing purposes, switch to -L or -H.
On 2012 Oct 12 (Fri) at 16:44:14 +0600 (+0600), éÌØÑ ûÉÐÉÃÉÎ
the tricky thing here is MAC-address.
it is 01:00:5e, which mimics Microsoft NLB in multicast IGMP mode.
first octet, 01, means it is multicast, which is very rare case
(comparing to unicast and broadcast).
most switches treat multicast in the same way as broadcast, i.e. delivering
packets to
... and I'm running apmd -C if that matters.
could it cause problems ?
2012/10/12 Christiano F. Haesbaert haesba...@haesbaert.org
On 11 October 2012 08:30, éÌØÑ ûÉÐÉÃÉÎ chipits...@gmail.com wrote:
Hello!
we recently installed OpenBSD/amd64 on Supermicro X9DR3-F, it hangs
about 1
times
ok. I figured out, it is X9DR3-F with a couple of external cards (NIC
82574L and RAID LSI 9261-8i, which I thougth is internal, because it
identifies itself as megaide)
I tried to run in UKCverbose, but it took me about an hour of debug
without getting to Login: prompt, so I gave up with that
pardon, didn't pay attention to mfii(4), what's that ?
# man -k mfii
mfii: nothing appropriate
# grep -i mfii /var/run/dmesg.boot
#
2012/10/12 Christiano F. Haesbaert haesba...@haesbaert.org
On 11 October 2012 08:30, éÌØÑ ûÉÐÉÃÉÎ chipits...@gmail.com wrote:
Hello!
we recently
Hello!
we recently installed OpenBSD/amd64 on Supermicro X9DR3-F, it hangs about 1
times a day.
5.1 does not understand i350 chip, so we put external Intel PRO/1000 MT
(82574L) nic.
we have ddb.panic=1, but no ddb appears on screen on hang.
also, it says savecore: no core dump during boot.
we
ÓÒÅÄÁ, 10 ÏËÔÑÂÒÑ 2012 Ç. ÐÏÌØÚÏ×ÁÔÅÌØ Nick Holland ÐÉÓÁÌ:
On 10/09/2012 12:55 PM, éÌØÑ ûÉÐÉÃÉÎ wrote:
Hello!
I'm investigating /etc/rc script. And I found the following there:
if [ -e /fastboot ]; then
echo Fast boot: skipping disk checks.
elif [ X$1 = Xautoboot ]; then
2012/10/11 Otto Moerbeek o...@drijf.net
On Thu, Oct 11, 2012 at 05:10:19PM +0600, ??? wrote:
?, 10 ??? 2012 ?. Nick Holland ?:
On 10/09/2012 12:55 PM, ??? wrote:
Hello!
I'm investigating /etc/rc script. And I found the following
2012/10/11 Jan Stary h...@stare.cz
Is it possible to mount dirty filesystem in read-only mode ? If not,
it
doesn't make sense at all.
Yes, you can mount dirty filesystem with -f. Even read-write iirc.
Very dangerous.
I'm struggling with 7Tb filesystems, it takes about 30
2012/10/11 Nick Holland n...@holland-consulting.net
...
I'm struggling with 7Tb filesystems, it takes about 30 minutes to check
them in case of cold reset. Too much. Very too much.
and currently, no journals or anything else which could speed up 7Tb
filesystems check ?
Almost always (in
2012/10/11 Jiri B ji...@devio.us
On Thu, Oct 11, 2012 at 09:29:50PM +0600, �л�� Шипи�ин
wrote:
there are http access logs for half an year.
it's easier to rotate them on a single filesystem from many points of
view,
we also share it via samba (very tricky to share many
2012/10/11 Kenneth R Westerback kwesterb...@rogers.com
On Thu, Oct 11, 2012 at 12:30:56PM +0600, ??? wrote:
Hello!
we recently installed OpenBSD/amd64 on Supermicro X9DR3-F, it hangs
about 1
times a day.
5.1 does not understand i350 chip, so we put external Intel PRO/1000 MT
ÓÒÅÄÁ, 10 ÏËÔÑÂÒÑ 2012 Ç. ÐÏÌØÚÏ×ÁÔÅÌØ Nick Holland ÐÉÓÁÌ:
On 10/09/2012 12:55 PM, éÌØÑ ûÉÐÉÃÉÎ wrote:
Hello!
I'm investigating /etc/rc script. And I found the following there:
if [ -e /fastboot ]; then
echo Fast boot: skipping disk checks.
elif [ X$1 = Xautoboot ]; then
Hello!
I'm investigating /etc/rc script. And I found the following there:
if [ -e /fastboot ]; then
echo Fast boot: skipping disk checks.
elif [ X$1 = Xautoboot ]; then
echo Automatic boot in progress: starting file system checks.
hmm... if I put /fastboot, no filesystem will
Great!
04.10.2012 16:52 ÐÏÌØÚÏ×ÁÔÅÌØ Henning Brauer lists-open...@bsws.de
ÎÁÐÉÓÁÌ:
* Tyler Morgan tyl...@tradetech.net [2012-10-02 18:31]:
which links to: http://www.openbsd.org/faq/pf/filter.html#synproxy
which gets far from saying what Henning said.
this has been fixed.
--
Henning
2012/8/23 Claudio Jeker cje...@diehard.n-r-g.com
On Thu, Aug 23, 2012 at 12:17:04AM +0600, ??? wrote:
Hello!
we are running high load https server on OpenBSD, so there are questions
on
performance:
since we already had to increase kern.maxclusters value, I guess default
Hello!
we are running high load https server on OpenBSD, so there are questions on
performance:
since we already had to increase kern.maxclusters value, I guess default
OpenBSD settings are not very well for high load https server ?
in order to protect our server from denial of service, we can
Hello!
I remember some early 5.1 snapshot which installed and successfully run
without /etc/fstab
however, 5.1-RELEASE came with /etc/fstab
it would be nice to move system from one server to another without having
to bother about /etc/fstab (I moved several of them due to buggy hardware).
is it
Look at www.fwbuilder.org
It is good. It even has commercial support if you like.
ÓÒÅÄÁ, 4 ÉÀÌÑ 2012 Ç. ÐÏÌØÚÏ×ÁÔÅÌØ C. L. Martinez ÐÉÓÁÌ:
Hi all,
I wonder if with OpenBSD is possible to create virtualized firewalled
implementations of conventional physical topologies and designs such
as
Hello!
it works for em0, if I put DHCP in hostname.em0
is it possible to do with trunk0 ?
can anybody give working example ?
Cheers,
Ilya Shipitsin
Hello!
I managed to get ftp through PF working either without ftp-proxy ...
match in inet proto tcp from any to $external port = ftp rdr-to $internal
port 21
match in inet proto tcp from any port = ftp-data to $external port
1024:65535 rdr-to $internal port 1024:65535
match in inet proto tcp
Hello!
is anybody running multiple instances of ftp-proxy in reverse mode?
I'd afraid of anchor ftp-proxy/*, ftp-proxy doesn't allow to specify
anchor, also, many instances of ftp-proxy can break each others anchors.
can somebody provide me with example of multiple ftp-proxies ?
Cheers,
Ilya
Hello!
I tried to use
/big/nginx/*.log644 100 10 * Z
/var/run/nginx.pid SIGUSR1
in order to rotate many files at once, but even newsyslog -v show nothing.
is it possible to use patterns with newsyslog ?
Cheers,
Ilya Shipitsin
Hello!
I'd like to see every program (with program name) that listen something on
network. I can achive that on Linux by running netstat -lpn, like that
server:~# netstat -lpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State
nginx is great piece of software, but it doesn't do CGI, how users will run
bgplg, for example ?
28 MARTA 2012 G. 18:39 POLXZOWATELX Kevin Chadwick
ma1l1i...@yahoo.co.ukNAPISAL:
Knowing nginx is on it's way to base and having just seen some fixes
for nginx on gentoo (some CVES from 2009).
Is
it doesn't match the FAQ, but it works.
my fail was using nat from 192.168.0.0/16 to !192.168.0.0/16 and it
affected CARP traffic, because of its multicast nature (it matched !
192.168.0.0/16)
not many people read FAQ actually.
I like the idea of OpenBSD just to work out of a box, it's more
we tried those certs. they are not trusted by mobile devices.
and those certificates are free only for 3 months (you are supposed to buy
them after that).
so, it's marketing stuff, not a real deal.
5 MARTA 2012 G. 13:49 POLXZOWATELX Hugo Osvaldo Barrera
h...@osvaldobarrera.com.ar NAPISAL:
On
I'd agree that 100% paranoic will never trust hardware vendor as well. Only
own manufactured components should be used in conjunction with md5/sha1
checksum evaluation and source code audit.
5 MARTA 2012 G. 17:00 POLXZOWATELX Rudolf Leitgeb
rudolf.leit...@gmx.atNAPISAL:
Am Montag, 5. MC$rz
5 MARTA 2012 G. 21:55 POLXZOWATELX Tomas Bodzar
tomas.bod...@gmail.comNAPISAL:
On Mon, Mar 5, 2012 at 3:27 PM, Kenneth R Westerback
kwesterb...@rogers.com wrote:
On Mon, Mar 05, 2012 at 07:04:06AM +0100, Tomas Bodzar wrote:
On Mon, Mar 5, 2012 at 3:04 AM, Theo de Raadt
6 MARTA 2012 G. 0:15 POLXZOWATELX Bob Beck b...@openbsd.org NAPISAL:
they didn't say that Theo refused to sign any paper. Just wonder, what
kind
of responsibilty that paper was about ? Accepting student's code to
OpenBSD
code base or something ?
No, it's actually about personal
29 FEWRALQ 2012 G. 8:44 POLXZOWATELX Nathan Stiles
stiles.nat...@gmail.comNAPISAL:
Hello,
I've recently installed 5.0 and based upon my experience
I expected a checksum to be posted for the ISO.
Also I've noticed that HTTPS isn't implemented on openbsd.org.
I was also expecting the checksum
thank to Camiel Dobbelaar, carp log at 6 shown ip_output problem, which
lead me to:
pass quick proto carp no state
it did the job (I still do not understand how forewall passed 6 interfaces
and blocked 7th, need to have a closer look, but after that rule everything
became ok,
pf stopped
Hello!
I observe strange problem on Supermicro X8DTN+-F with OpenBSD-5.0/amd64,
when I reboot it, sometime it gets broken, i.e. it doesn't start, I
cannot manage it via IPMI.
I suspect cpu microcode (it is put via ACPI into unconditional state), is
there a way to install microcode on OpenBSD ?
I do not check the code :-)
but every paranoid user who doesn't trust to ISP (they could swap ISO
image), who doesn't trust to public SSL companies (they are known to sell
google certificate to Iranian goverment), who doesn't trust post office
(they could swap CDs), who doesn't trust to
I permormed tcpdump on appropriate vlan on BOTH SERVERS, I see on
advskew=200 announces. MASTER with advskew=0 does not do any
advertisement.
22:22:37.296866 CARPv2-advertise 36: vhid=60 advbase=1 advskew=200 demote=2
(DF) [tos 0x10]
22:22:39.096900 CARPv2-advertise 36: vhid=60 advbase=1
hello!
we are running CARP-ed load balancers (carp over different vlans).
it was running just great with 6 carp addresses.
when we added 7th, randomly we get MASTERs on both server for certain carp
interface. After reboot we can get different carp interface on dual MASTER
state, and so on.
carp
no, I copied hostname.carpXX, just added advskew 200
parameters are the same.
2 MARTA 2012 G. 15:25 POLXZOWATELX Otto Moerbeek o...@drijf.net NAPISAL:
On Fri, Mar 02, 2012 at 01:53:17PM +0500, ??? wrote:
hello!
we are running CARP-ed load balancers (carp over different vlans).
hello!
today we encountered situation with faulty drives.
we met it earluer, but today was very strange, carp was running, but
applications were not running due to disk failure.
it seems that carp firewall/router is a good solution, but running
applications on carp server is not very good.
does
That worth publishing at undeadly.org, I think
16.02.2012 4:57 POLXZOWATELX frantisek holop min...@obiit.org NAPISAL:
hi there,
i wanted to try at least a hello world on android.
so i installed some linux on a usb stick to use as a
mobile development environment. it went rather well,
using
Hello!
is anybody using linux xterm (or gnu terminal) + openbsd vi ?
it breaks home/end keys.
Google says things about utf-8 and non-utf8 terminals, some people tell to
fix terminfo/termcap.
I do not have any idea, what exactly to fix there.
I tried things, without result.
any advice ?
Ilya
I wonder if /etc/rc.conf.local included into hostname.xxx scripts ?
if so, I could use
advskew=100 in rc.conf.local and
$advskew in hostname.xxx later
14 FEWRALQ 2012 G. 23:29 POLXZOWATELX Stuart Henderson
s...@spacehopper.orgNAPISAL:
On 2012-02-13, P P;Q Q P(P8P?P8Q P8P=
Hello!
I'd like to sync /etc/hostname.carpXXX files between MASTER and BACKUP, the
only difference, of course is advskew paramter. Is there a way to specify
it in different config file ?
I seen bug report on fwbuilder (www.fwbuilder.org), which describes
something called create_args_carp0, but
Dear Sirs,
I wonder .. if I apply for GSoC2012 mentoring (GVRP/MVRP for OpenBSD and
BFD for OpenBSD), how does it look from OpenBSD point of view ?
will code be accepted by community ? any licensing issue ?
Cheers,
Ilya Shipitsin
guys, it was so funny to see you biting each other.
come on, can you do it one more time, please ?
2012/1/23 Nico Kadel-Garcia nka...@gmail.com
On Sun, Jan 22, 2012 at 5:38 PM, L. V. Lammert l...@omnitec.net wrote:
On Sun, 22 Jan 2012, Philip Guenther wrote:
snip the BS
There is no
Hello!
we are running carp-ed load balancers on openbsd. we are pretty happy with
fast switchover via carp.
however, we'd like to serve static (uploaded via ftp) content from those
servers.
I see two scenarios
a) files are uploaded to carp master, we run rsync every minute, which
pushes content
hello!
does OpenBSD support GVRP ?
Cheers,
Ilya Shipitsin
Hello!
I'm running OpenBSD with CARP (and because of CARP), 10 servers in total.
Some of them preemt=1, some with preemt=0
I'd like to know that spare CARP server is up and running (and will play it
part when master server die).
questions are
1) how to detect that server is master? any other
well, I need to make question more certain.
we are using nagios for monitoring and it is running on separate server. we
do not want to monitor server from inside.
we want to run run something via ssh and see whether carp peer is dead or
not.
probably we do not want to determine that we are carp
well, it's usually not possible.
we use OpenBSD, because it supports carpdev option (FreeBSD does not
support it)
most of our carp clusters run on single address. no spare IP space.
we could do ssh and ping carp peer (some trouble with preemption), but we
do not want to stick with certain IP
RFC1918 addreeses are not routable.
there's no problem for carp peers to ping each other, I just cannot ping
both of them from Internet (where nagios is located)
the problem is to specify each peer's address in nagios config, I do not
want to depend on 10.0.0.2 for cluster1 peer and so on.
sounds nice.
I came to somewhat similar. Just ssh to external address and ping both carp
peers (via internal addresses), if there're less than 2 answers, we are in
trouble.
your idea is also good.
2012/1/13 Nick Holland n...@holland-consulting.net
ok, let's try this idea...
Your systems
2012/1/2 Christian Weisgerber na...@mips.inka.de:
Ilya Shipitsin chipits...@gmail.com wrote:
I'm running servers with em NICs. People on list reported things
like
hwfeatures=8037CSUM_IPv4,CSUM_TCPv4,CSUM_UDPv4,VLAN_MTU,VLAN_HWTAGGING,WOL
,
I do not see such options in ifconfig output.
Try
Hello!
I'm running servers with em NICs. People on list reported things
like
hwfeatures=8037CSUM_IPv4,CSUM_TCPv4,CSUM_UDPv4,VLAN_MTU,VLAN_HWTAGGING,WOL,
I do not see such options in ifconfig output. neither man page on em
says anything about check sum offload.
em are advanced cards, do they
Hello!
I'm runnning BGP server which is also dns resolver.
so, host can go to internet using 2 addresses
a) vlan379, which is connected to bgp peer
b) vlan200, which is my own routable network
bgp peer is strange. it permits only bgp and icmp traffic over
vlan379, the rest is silently dropped.
we hare 3 ISPs. and we are running haproxy (which is similar to
relayd, proxies tcp connections from Internet to LAN).
so, with rdomains we need to
a) run 3 instances of haproxy (route -T 2 exec
/usr/local/sbin/haproxy, and so on)
b) all of haproxy will access LAN, which can belong to just one
Hello!
I used to run FreeBSD and Linux for years, but not that familiar with
OpenBSD yet.
we are running buggy server (I suspect RAM), it hangs sometimes and it
takes about 30 minutes to fsck 7Tb partition.
however, there are very few files and folders yet.
is there a way to speed up fsck ? some
am I right that OpenBSD does NOT use device polling like FreeBSD or
Linux (called NAPI) do ?
any router (even at 10G rate) will perfectly work without polling ?
specially, I have a router (100-200Mb rate now) on Broadcom BCM5721
which is bge and Intel PRO/1000 QP (82571EB) which is em.
those
thank everyone.
routing domains seem to be much more powerful than I need.
I just needed outgoing packets through the appropriate interface, it
can be achived by reply-to thing in PF.
but I'll keep an eye on rdomains for some future use.
2011/12/21 Henning Brauer lists-open...@bsws.de:
well
hello!
I'm running multihomed server (two servers in carp cluster).
say carp5 is default route and carp2 is another ISP. I want to see
outgoing packets in the interface they came in. I supposed, it could
be done using reply-to pf keyword.
however, I'm not sure reply-to is runnung well with carp.
Hello.
I'm running multihomed OpenBSD server:
vlan5/carp5 - default
vlan2/carp2 and vlan4/carp4 are connected to other ISPs.
when there's no rdomain thing, everything seems to be working, except
all outgoing packets goes through vlan5/carp5.
so, I did
f2n0:/root#cat /etc/hostname.vlan2
vlan
how fsck -p -y will work?
manual says -p quits on major problem, will -y make it assume
yes or just quit?
2011/12/15 Kenneth R Westerback kwesterb...@rogers.com:
On Thu, Dec 15, 2011 at 09:55:47AM +0100, Sebastien Maerker, Continum wrote:
Hello,
it is possible, like in FreeBSD, to do an
Hello!
we are using linux bonding (thing called trunk in openbsd) and
there's very interesting feature called arp_ip_target, custom ip is
being monitored via several links.
can OpenBSD CARP or trunk work in that way ?
cheers,
Ilya Shipitsin
hello!
screen and dmesg output attached.
what could it mean ?
Ilya Shipitsin
OpenBSD 5.0 (GENERIC.MP) #63: Wed Aug 17 10:14:30 MDT 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 137428860928 (131062MB)
avail mem = 133756428288 (127560MB)
mainbus0 at root
Dear Sirs,
I added couple of rules to pf config file
xxx:/root# grep skip /etc/pf.conf
set skip on enc0
set skip on lo0
xxx:/root# pfctl -f /etc/pf.conf
xxx:/root#
but I do not find skip in pfctl -s rules output:
xxx:/root# pfctl -s rules | grep skip
xxx:/root#
is it ok ?
Cheers,
Ilya
server is 4.9/amd64
source is CVS/4.9
cd /usr/src
make build
is it ok that system cannot build itself from source ?
building shared object objc library
ranlib libobjc_pic.a
building shared objc library (version 5.0)
cc -shared -fpic -o libobjc.so.5.0 `lorder archive.so class.so
encoding.so
DESTDIR was the reason of mess.
unset DESTDIR solved the problem
2011/10/10 Stuart Henderson s...@spacehopper.org:
You polluted your source directory by building without 'make obj'.
Simplest is to wipe it, make a fresh checkout, and this time follow
section 5.3.5 from
Dear Sirs,
I need to configure ipv6 over carp interface. It seems that carp doesn't
like things in one line
ifconfig carp470 vhid 70 pass xxx carpdev vlan470 advskew 20 inet6
2a00:1a70:80:470::2 prefixlen 128
it says something wrong about ipv6. don't have any idea why. so, one-line
config for
each single part is unclear
2011/2/6 Stuart Henderson s...@spacehopper.org:
On 2011-01-27, ??? chipits...@gmail.com wrote:
I tried to investigate a liitle...
2) my AS is 49675, 91.142.140.0/24 at location A and
193.169.238.0/24 at location B, there are announces on rib
R0N0#bgpctl
I tried to investigate a liitle...
1) how do I enable logging ? I used log updates and -v flag. not a
bunch of diagnostics...
2) my AS is 49675, 91.142.140.0/24 at location A and
193.169.238.0/24 at location B, there are announces on rib
R0N0#bgpctl show rib | grep 49675
91.142.140.0/24
Try bgpctl sh fib | grep your_prefix
it's not there
R0N0#bgpctl sh fib | grep 91.142.140
R0N0#
it's reachable only via default route:
R0N0#route -n get 91.142.140.254
route to: 91.142.140.254
destination: default
mask: default
gateway: 80.78.109.138
interface: carp102
if
Dear Sirs,
we are running our AS in many locations (say AS65000)
(location 1, AS65000, network n1.n1.n1.n1) Internet ---
(location 2, same AS65000, network n2.n2.n2.n2)
when we were running quagga, allowas-in made the work. otherwise
there was no route except default between two locations.
Hello!
does anybody run dns server on CARP interface ?
Cheers,
Ilia Chipitsine
hello!
can you provide more details ?
1. what is dns software ?
2. how two copies of dns server (on master and backup) are replicated ?
3. any carp hooks on switching ?
cheers,
Ilia Chipitsine
2010/9/20 Henning Brauer lists-open...@bsws.de:
* ??? chipits...@gmail.com [2010-09-20
1 - 100 of 115 matches
Mail list logo
