On Fri, Nov 14, 2008 at 11:41:03AM +0100, David Vasek wrote:
I am always getting similar transfer speeds (up to 5MB/s) under OpenBSD
(and the same with NetBSD) with external USB hard disks too, while the
real transfer speed under some other OS's (Linux, Windows) is around 28
MB/s on the
On Wed, Oct 29, 2008 at 04:14:22PM -0400, Douglas A. Tutty wrote:
I'll be setting up a new box for the house and I want to use OpenBSD for
it, both for its security and since it will be an older box it will run
better than with Debian.
Roles:
main firewall for dialup internet access.
sudo which slaptest will tell you where in your PATH slaptest is. add that to
your root's PATH and it will work.
also, depending on you are invoking the root shell .profile might not be
executed at all.
On Fri, Oct 24, 2008 at 10:42:10AM +0200, [EMAIL PROTECTED] wrote:
On 10/23/08, Almir Karic
most likelly /usr/local/sbin is not in your root's PATH, do
PATH=$PATH:/usr/local/sbin as root and slaptest should be found.
On Thu, Oct 23, 2008 at 04:50:30PM +0200, soko.tica wrote:
I've been trying to set OpenBSD 4.3 (release) primary domain
controller according to howto o Danielle
ifconfig -M
On Mon, Oct 20, 2008 at 11:57:41AM +0400, Dmitrij D. Czarkoff wrote:
Hi, all!
How can I query available wireless networks in OpenBSD (the thing You do with
iwlist ifname scan in linux)?
--
Dmitrij D. Czarkoff
P.S.: Please cc me as I'm not on a list.
On Tue, Oct 14, 2008 at 03:22:32PM +0200, Tomas Bodzar wrote:
Hi all,
have you same problem ? Look at $ls -lF /bin
There is a [* and test* ,both binaries do the same and cmp(1) says,that
they are same.
Am I missing something or it's bug?
you are missing the lesson in history in unix
ktrace.
On Fri, Sep 19, 2008 at 09:41:58AM -0300, Gonzalo Lionel Rodriguez wrote:
Hi everybody, somebody say to me what is the equivalent to 'strace' for
OpenBSD?
Regards.
Gonzalo.
--
vi vi vi -- the number fo the beast
On Mon, Aug 25, 2008 at 11:05:38AM +1000, Mikel Lindsaar wrote:
Hello list,
I have purchased and read the book of PF (good book by the way) as
well as the man pages, and I have a question that I have not been able
to find a definitive answer on:
Does PF only evaluate every packet against
On Mon, Jul 28, 2008 at 09:18:39AM +0100, Charlie Clark wrote:
openbsd misc wrote:
interessting point. How about dumping it to a file or something so you are
able to check what was loaded last time (e.g. a file with 400 under
/var/whatever)?
What I want is, I have a script that when I
On Wed, Jul 23, 2008 at 01:17:04PM -0700, Parvinder Bhasin wrote:
Hi,
I am stuck at this situation:
Where I have a domain: abc.com :
I would like to have user who type http://abc.com (without the www)
redirected to a a different site for example : www.xyz.com
Redirection for
On Wed, Jul 23, 2008 at 04:33:27PM +0900, Hari wrote:
Hello. I just finished installing OpenBSD 4.3. The dhcp setup during
network configuration was fine, meaning, IP address was properly
assigned. I went ahead with the default values provided. However,
after rebooting post installation, I am
On Wed, Jul 16, 2008 at 05:10:46PM -0500, Marco Peereboom wrote:
Yes it is. To illustrate the stupidity and pointlessness of this all.
Linus is a troll, we know, who cares?
insulting anyone is IMHO hardly ever necessary/good, trolling (of known
folks, such as linus and rms) is (again IMHO)
On Wed, Jul 16, 2008 at 02:03:00PM -0500, Marco Peereboom wrote:
debian users are masturbating amoebas
is this really necessary? and if so why?
i have a lenovo 3000 N200, and i can't seem to get sound to work. when i
play an mp3 with either mp3blaster or mplayer it seems to play just
fine, but i don't hear any sound comming from the speakers, here are
dmesg (i only added AZALIA_DEBUG option to GENERIC configuration), audioctl -a
and
On Wed, Jun 4, 2008 at 5:49 AM, Matt Garman [EMAIL PROTECTED] wrote:
What I'd like to do is have my OBSD box to NAT on the tun device
(VPN tunnel). I.e., so I can use the VPN connection seamlessly from
any system on my home network.
basically you want to route your traffic encrypted to your
On Fri, May 23, 2008 at 9:37 AM, Marc Espie [EMAIL PROTECTED] wrote:
As far as perl goes, it's about the only language that fit the bill.
The older pkg_* were totally impossible to maintain and extend, and
I needed a sensible script language that was in base.
at the risk of starting a flame
On Fri, May 23, 2008 at 1:37 PM, Stephan Andreas [EMAIL PROTECTED] wrote:
Default is block in and out on $ext_if.
Is it a problem with the bridge?
yes, bridges tend to do funny things. in any case add 'log' to your
default block rule and check ''tcpdump -n -e -ttt -i pflog0'' (i read
it in the
On Fri, May 23, 2008 at 1:40 PM, Zhivko Tashev [EMAIL PROTECTED] wrote:
Hi,
I'm using OpenBSD 4.2 GENERIC and postfix-2.5.20070531-sasl2-mysql (from
ports).
Postfix is configured only as SMTP transfer agent.
Couple of days ago, postfix started generating the following error message:
(Host or
On Wed, May 21, 2008 at 9:36 PM, Kendall Shaw [EMAIL PROTECTED] wrote:
232 what?
2^32
--
For far too long, power has been concentrated in the hands of root
and his wheel oligarchy. We have instituted a dictatorship of the
users. All system administration functions will be handled by the
On Mon, May 12, 2008 at 6:40 AM, sonjaya [EMAIL PROTECTED] wrote:
so i have some question :
- In PIX FW cisco i just make translate ipublic to ip dmz , so how do
it in pf without ip alias in wan interface?
AFAIK you can't. why would you want to do that?
--
For far too long, power has been
On Mon, May 5, 2008 at 8:25 AM, Parvinder Bhasin
[EMAIL PROTECTED] wrote:
Hi,
I was wondering if there was to get some colors inside the regular terminal
(not Xterm or Xorg).
I know if I alias colorls it sort of works for just listing directories and
files but I would like to customize the
On Sun, May 4, 2008 at 12:12 PM, Pieter Verberne
[EMAIL PROTECTED] wrote:
Uhm, dunno what IIRC is.. But wouldn't it be just great to put anything
like this in a file's header? :
# This file is in public domain
or even better:
# public domain
So IIRC requires the full license? That's a
On Fri, Apr 18, 2008 at 3:20 PM, Jurjen Oskam [EMAIL PROTECTED] wrote:
So ps does show FOO, *and* it shows the value of FOO changing after
ten seconds.
what is so weird about it? you set your program an env var via env(1)
for first ten seconds it has that env var, than the putenv(3) call
On Mon, Apr 14, 2008 at 2:59 PM, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008-04-14, Almir Karic [EMAIL PROTECTED] wrote:
On Sun, Apr 13, 2008 at 7:45 PM, Barry Commander
[EMAIL PROTECTED] wrote:
Hi
In order to allow wireless clients both IPv4 and IPv6 access to my
wireless
On Sun, Apr 13, 2008 at 7:37 PM, Manuel Heckel [EMAIL PROTECTED] wrote:
Hi,
me again here. if it's the wrong place to ask, please tell me.
i still have problems with vsftp and ssl, but i don't think it's a
problem of vsftpd. from my intern lan everything works fine, just from
outside
On Fri, Apr 4, 2008 at 10:07 AM, Parvinder Bhasin
[EMAIL PROTECTED] wrote:
I am writing up a script to automatically increment the serial number of
bind dns zone file , but I am running across issues doing in place
substitution with either sed or even perl for that matter. I can do this
On Fri, Mar 21, 2008 at 9:27 PM, Ed Flecko [EMAIL PROTECTED] wrote:
Hi folks,
I'm reading a book on network security and it mentions proxy
firewalls, so I'm wondering if an OpenBSD box with Squid installed
would fit this description? Or, are there other proxy firewalls the
author is
On Wed, Mar 19, 2008 at 11:12 AM, Barry Commander
[EMAIL PROTECTED] wrote:
Doesn't NFS mean restricting root access on each client in order to prevent
people accessing other files? Is there a way (short of restricting root
access)
to prevent this?
RTFM. -maproot is what you want, see
On Wed, Mar 19, 2008 at 11:27 AM, Barry Commander
[EMAIL PROTECTED] wrote:
You could still either su to the user whos files you want from root, or you
could map their UID.
Both would allow you access to other users files.
yep, welcome to the wonderful world of NFS :-), a toy such as kerberos
On Mon, Mar 17, 2008 at 11:26 PM, Dave Beckstrom [EMAIL PROTECTED] wrote:
Hi Everyone,
I have an OpenBSD 3.3 transparently bridged packet filtering firewall. I
would like to enable a VPN connection through the firewall into a Win2K3
server that sits behind the firewall.
I am finding
i would like to thanks you two, thanks :-)
''use the bridge, luke'' was the hint i needed, i found everything
else on google and in the relevant man pages.
the firewall is mostly already configured, it will soon be replacing
our current linux router, the firewall rules are *much much much*
On Tue, Mar 11, 2008 at 8:59 AM, Sunnz [EMAIL PROTECTED] wrote:
2008/3/11, Karl Karlsson [EMAIL PROTECTED]:
Just use the same uid/gid on the client as you have in your export file.
As simple as that.
But... the user account on the clients already has their own
uid/gid... do
On Thu, Mar 6, 2008 at 1:39 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008-03-05, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008-03-05, Jussi Peltola [EMAIL PROTECTED] wrote:
On Wed, Mar 05, 2008 at 11:28:16AM +, Stuart Henderson wrote:
There are ways, but they're hacks,
On Fri, Mar 7, 2008 at 12:53 PM, Stuart Henderson [EMAIL PROTECTED] wrote:
hm, maybe i misunderstanding the concept of a bridge, but from
what i read you can assign an IP to $ext_if, and bridge (and filter
off course) the $dmz_if to $ext_if ? where is the extra IP wasted?
Because
this is the deal, i am designing the network and i have some
questions, regarding route (OBSD 4.2) setup. the relevant interfaces
are $dmz_if (uplink for the servers in DMZ) and $ext_if the router
uplink.
the idea is to save one external IP by NOT assigning an external IP to
the $dmz_if, is it
On Wed, Mar 5, 2008 at 11:04 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008-03-05, Almir Karic [EMAIL PROTECTED] wrote:
this is the deal, i am designing the network and i have some
questions, regarding route (OBSD 4.2) setup. the relevant interfaces
are $dmz_if (uplink
On Wed, Mar 5, 2008 at 12:43 PM, Jussi Peltola [EMAIL PROTECTED] wrote:
On Wed, Mar 05, 2008 at 11:28:16AM +, Stuart Henderson wrote:
There are ways, but they're hacks, and harder to get right than NAT or
asking for another address. (And if you're already using NAT, you'll be
i did all the things reccommanded by the summary section of raidctl(8)
(i even tried changing the 'a' partition to 'e', to be the same as in
the man page, no luck), i also tried following
http://unixsadm.blogspot.com/2007/10/openbsd-raidframe-mirror-software-raid.html
no change either.
my
pf is probably the problem, 'keep state' is assumed unless
explicitelly stated otherwise.
On 7/6/07, Heinrich Rebehn [EMAIL PROTECTED] wrote:
Hello list,
after using ipsec for some years now, i never experienced an upgrade
breaking it. But after after moving to 4.1 (new install) i can not
On 6/29/07, Matt [EMAIL PROTECTED] wrote:
2) Chroot jails / limited shells - do's and don'ts
I understand the implications of chroot jails. I understand they are not
worth the risk. Which is a shame really as they bring certain
functionality (or limits if you will) that I would consider nice to
On 6/29/07, Daniel Ouellet [EMAIL PROTECTED] wrote:
3) Mail setups
I can find lots of setups with virtual mailusers. I have been
succesfully using a Courier-imap/Postfix/MySQL setup for several years
now, connected to a webbased mailmanagement tool.
If I was to drop all that in favor of a
On 6/29/07, Daniel Ouellet [EMAIL PROTECTED] wrote:
Almir Karic wrote:
if you have trully big setups you might wanna look at ldap, from what
i've heard/read it should perform well under heavy read intensive
operations.
I always see a lots of LDAP talks and some documents on it for many
On 6/29/07, Brian Candler [EMAIL PROTECTED] wrote:
Given that your on-board LAN isn't working either, maybe the motherboard has
a serious fault. But you might not be able to return it until you can prove
that *Windows* can't find any network cards either :-)
that's simple, create a screen
On 6/27/07, Theo de Raadt [EMAIL PROTECTED] wrote:
At this time, I cannot recommend purchase of any machines based on the
Intel Core 2 until these issues are dealt with (which I suspect will
take more than a year). Intel must be come more transparent.
(While here, I would like to say that AMD
x11/xfce4
On 6/25/07, Alex Kwan [EMAIL PROTECTED] wrote:
Hello,
I wanted to use xfce for my systems' windows manager, which packages are
must required? (I have install the X base).
thanks!
Alex
--
almir
On 6/21/07, Jeff Santos [EMAIL PROTECTED] wrote:
1. Is this address an IPv6 one? Can I find out who is asking for
it and why?
ugghh, named log? tcpdump?
2. How can I tell named not to deal with IPv6?
an ugly workaround would be to block all ipv6 traffic on named port.
--
almir
last time i checked the only port of obsd to xen was foo (far from
production ready).
On 6/19/07, David Greenberg [EMAIL PROTECTED] wrote:
Where can I find this project, or more specifically a working kernel
source/binary image or an entire Xen domU image? Thanks!
David
--
almir
env -i is your friend.
On 6/16/07, Mackan [EMAIL PROTECTED] wrote:
Hi list!
How do you guys restart apache (apachectl stop / start) without
having all the current shell variables show up in phpinfo() that
is exported in the shell?
Mackan
--
almir
Is this normal, or have I done something wrong.
this is normal.
--
almir
egrep '[EMAIL PROTECTED],4}$' mail.txt
##-- you want this, it get's the lines you posted.
On 6/14/07, OBSD [EMAIL PROTECTED] wrote:
Hi Almir,
your suggestion does not work completely.
What?
It misses the
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
I had the same issue as I used
cat
I am rather unexperienced in this field so any advice is highly appreciated!
(including other relatively safe php4+php5 methods that might work on
OpenBSD)
both lighttpd and apache allow you to have both php4 and php5 side by
side. in apache one has to be a FCGI process the other can be
On 6/8/07, Rico Secada [EMAIL PROTECTED] wrote:
Taking a certification doesn't prove anything imho. And the way that they
focus on the 4 different BSD's.. you could have someone being an expert
in OpenBSD yet he has never used DragonflyBSD, would this make him less
interesting to hire for a BSD
On 6/5/07, Marc Espie [EMAIL PROTECTED] wrote:
On Mon, Jun 04, 2007 at 11:45:27PM +0200, Almir Karic wrote:
I don't see any -i option documented in the sed manpage.
-i on some seds (gsed, ssed, FBSD sed, maybe others) means ''in
place'' edit, that feature can be reimplemented with ''sed
Find . -name *.htm -exec 'sed s/old/new/' '{}'.new
the above command is probably a sytnax error, due to unterminated
-exec (add \; at the end to fix this), that apart that command should
look for a command 'sed s/old/new/' (note: it should NOT invoke sed
command with s/old/new/ argument).
A completely safe solution would be writing a small script:
#! /bin/sh
exec sed s/old/new/ $1 $1.new
and using find . -type f -name \*.htm -exec /path/to/script {} \;
or find . -type f -name \*.htm -print0 | xargs -0 -L 1 -r /path/to/script
...-exec sh -c 'something with $1' {} \; is fully
...-exec sh -c 'something with $1' {} \; is fully safe as well.
sh -c 'echo foo$1bar' baz
- foobar
Seems not.
a typo, sorry, it should be sh -c 'echo foo$1bar' -- baz
i am cheating tho, and have sh symlinked to bash.
--
almir
\ This works indeed. But better use the additional quotes around $1. Just
get used to them, because $1 could contain IFS characters.
true, but in this case it doesn't really matter how shell splits words :)
i am cheating tho, and have sh symlinked to bash.
Why?
i learnt to use bash,
anyone managed to get obsd to run as xen guest OS? care to share how?
the only document i found is
http://ropersonline.com/openbsd/xen/openbsd-xen-howto , and well:
xen:/home/vserver/obsd# hg clone http://hg.recoil.org/openbsd-xen-sys.hg
requesting all changes
abort: HTTP Error 500:
On 4/21/07, Soner Tari [EMAIL PROTECTED] wrote:
I guess the OP means, for example, Ubuntu-like setting, where there is a
root account of course but you cannot log in as root (actually, you can
drop to root shell in single user mode or by sudo -i). I believe this
hopefully serves the purpose of
considered nfs over kerberos?
On 4/17/07, Pete Vickers [EMAIL PROTECTED] wrote:
try web DAV - works a treat for me on OpenBSD with linux, Mac
windows clients...
/pete
On 17 Apr 2007, at 2:28 AM, Rico Secada wrote:
Hi all.
At work I am experiencing with setting up some distributed file
On 4/10/07, Ryan Corder [EMAIL PROTECTED] wrote:
On Tue, 2007-04-10 at 07:53 -0700, Manuel Ravasio wrote:
I'm creating some shell scripts for various administrative purposes, and
I'd
really like to add some kind of command at the end of each in order to have
the pc speaker BEEP when the
use route tables, set the getaway 10.30.9.253 for the subnet on which
your other office is, and use your ISP's getaway as default getaway.
you can manipulate route tables with route(8).
On 3/19/07, Ricardo Lucas [EMAIL PROTECTED] wrote:
Hello ppl from misc,
I have an issue, I have a little
is this a second remote hole in default install?
--
almir
why do you bother asking questions if you are not willing to accept answers?
you either need:
pass out on bge0 from inside
block out on bge0 from inside to { outside, llcidr }
or:
block quick out on bge0 from inside to { outside, llcidr }
pass out on bge0 from inside
alternatively you could
On 3/5/07, Toni Mueller [EMAIL PROTECTED] wrote:
Hi,
On Thu, 22.02.2007 at 22:36:21 +0100, Joachim Schipper [EMAIL PROTECTED]
wrote:
Just filtering aggressively using pf works as well, of course.
it depends. My current impression is that if you can get away with
having the TCP stack reject
whats sad is how many people will never let go of NAT after they migrate
to ipv6.
why not start saving ipv6 adresses at the begening?
--
almir
they said the SAME thing about ipv4 :/
65536 x the total number of possible 48-bit MAC addresses.
irrelevant.
--
almir
are some ips won't be availible to ''average''
human beings (private ip ranges, broadcast adresses, router
adresses...), also enterprise will grab crapload of ips for business
needs.
On 1/28/07, Michael Jensen [EMAIL PROTECTED] wrote:
On 1/28/07, Almir Karic [EMAIL PROTECTED] wrote:
they said
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
is this possible? i've been looking at su-exec but it is for cgi
scripts only :/, what other options there are?
AFAIK chroot is not the correct answer to my question as it
Maybe use permissions, diff user on each site, chmod to disallow
writing from other users?
that would solve the problem, but i have no idea how to achive it, and
google doesn't seem to like me :/. any hints?
--
almir
it will be proccessed in ''another way''.
192.168.0.0/16 means ''any ip adress which has first 16 bits the same
as 192.168.0.0''. and first 16 bits in this case are ''192.162''.
On 1/9/07, Artyom Goryainov [EMAIL PROTECTED] wrote:
And when I write for example local_net=192.168.0.0/16 will it
71 matches
Mail list logo