ackets are sent from another system. This means that things seem
to work in the receiving direction.
In the same system there are Mellanox ConnectX-5 nics. The 1GE-SFP works
flawlessly with it.
Regards,
Joerg
--
Dipl.-Ing. (FH) Joerg Streckfuss M.Sc. (Senior IT-Specialist)
DFN-CERT Services G
ining patches. So far the systems are running
stable. Are there any changes between the 7.2 and 7.3 releases that could
indicate a bug?
Many regards,
Joerg
On 2023-09-25, Joerg Streckfuss wrote:
Dear list,
Today two of our firewalls crashed. After I was able to bring the first firewall
back online, this one crashed again within a few minutes. This time I was able
to take a stack-trace from the console:
OpenBSD/amd64 (fw1) (tty00)
login: uvm_fault(0x823237a0, 0x0, 0, 1) ->
Hello,
I'm trying to use the relayd router function to add host routes to the routing
table with a route label for further processing by bgpd. The host is directly
connected to the firewall.
relayd.conf:
table { 2001:::::4 }
router "service_v6" {
route 2001:::::4/
Dear List,
we have problems with Intel nics of type Intel X710 (10 GbE) on a Dell R740. In
total we have three nics with four ports each. With the upgrade to OpenBSD 6.8 we
lost two ports (ixl11 and ixl12). Now we upgraded iteratively to OpenBSD 7.1 and
we lost another port (ixl10). The update
Hi misc,
I am trying to create a simple smtp client configuration, where the
client should only send local mails to a relay host. The key point is
that the relay host hides a redundant MX record with different
priorities in the DNS. A DNS A-record (or quad A) on the other hand does
not exist.
As
Hello list,
I am trying to get Intel XXV710 SFP28 dual port nics to work under
OpenBSD 7.0-beta on a PE 6515 with AMD Milan CPU.
There are two cards in the server. The behavior is such that only one
port works on one card at a time. Occasionally two ports distributed on
two cards work but never t
Hi list,
We ordered some Dell machines PE R6515 with AMD EPYC 7302P 3GHz but
surprise the CPUs are not available. An alternative suggested by dell
would be the Epyc 7402p 24C/48T 2,8Ghz CPU. But I'm thinking of going
for the Milan CPU right away. Specifically, it would be the AMD Milan
7313P 3Ghz
Hello folks,
in the past we used Dell servers like PE 1850, PE 2850, PE R730 and PE
R740. We had good experiences running OpenBSD on these systems. These
models are all Intel based but for another project I'm considering
giving AMD a chance.
I'm very interested in the Dell PE R6515 with AMD EPY
On 02.09.19 at 19:58, Stuart Henderson wrote:
Use sysupgrade -n and monitor the OS version number ("what
/home/_sysupgrade/bsd"). If you see 6.6-current it is post-release and
you should not install it ("rm /bsd.upgrade"), you can then wait until
actual release day and update to be sure you're r
Hi Misc,
we have to run 6.6 snapshot on one of our firewall clusters to get in
touch with the new aggr(4) driver. This driver seems to work great
with 6.6 snapshot on a dell pe 470 with intel X710 based quadport
sfp+ nics doing LACP.
We had serious problems with the trunk(4) driver on OpenBSD 6
On 01.08.19 at 14:55, Joerg Streckfuss wrote:
Hi Misc,
we bought two new Dell PowerEdges R740. Each System has 3 intel X770
based quadport sfp+ nics. Onboard are two further intel i350 based
sfp+ ports.
Correction - Of course I mean 3 intel X710 based quadport sfp+ nics
and two intel x520
Hi Misc,
we bought two new Dell PowerEdges R740. Each System has 3 intel X770
based quadport sfp+ nics. Onboard are two further intel i350 based
sfp+ ports.
The firewalls are running OpenBSD 6.5 stable. To test lacp 802.3ad with
ix and ixl based interfaces I built two trunks which directly connec
Dear list,
I want to block udp fragments to a specific host while the reassembling is
turned on for all other traffic:
In pf I would write something like this:
# reassemble fragmented packets (default yes)
set reassemble yes
# scrub all traffic
match all scrub (random-id no-df)
# block frag
Dear list,
I want to know why it is good practice to use /32 netmask for ipv4
respectively /128 netmask for ipv6 addresses on carp interfaces, while using the
"real" netmask for example /24 for a dedicated address on an interface.
Any advice ?
Thanks,
Joerg
On 15.08.2018 at 18:26, Stuart Henderson wrote:
On 2018-08-15, George wrote:
I believe you may be looking for a redirect not a relay. It all really
depends on your network topology and what you are trying to do but in
general something like this is what you are looking at:
For directing traf
Dear list,
I'm playing around with a squid setup, where the http traffic from a client is
transparently routed from the gateway (openbsd 6.3) to two squid caches (squid
3.5.28). This means the caches are _not_ placed on the gateway.
With PF this is very easy to achieve:
pass in quick on $INT
Hi,
On 30.01.2017 at 18:17, Peter Fraser wrote:
> My /var/log/messages is filling up with messages like the following:
>
> Jan 30 10:28:06 gateway sendsyslog: dropped 4 messages, error 55
> Jan 30 10:28:06 gateway sendsyslog: dropped 2 messages, error 55
> Jan 30 10:28:06 gateway sendsyslog: drop
configuration 1 interface 0 "vendor 0x10d5 UKU-M02 1.7"
rev 1.10/0.00 addr 5
uhidev0: iclass 3/1
ukbd0 at uhidev0
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub4 port 4 configuration 1 interface 1 "vendor 0x10d5 UKU-M02 1.7"
rev 1.10/0.00 addr 5
uhidev1: iclas
Dear list,
I'm in progress in installing 5.6 stable on a PowerEdge R730.
This system has a PERC H730 mini raid controller.
The OpenBSD installer aborts with the following message when fdisk
wants read disk geometry:
fdisk: DIOCGPDINFO: Input/output error
fdisk: Can't get disk geometry, please us
On 07.08.2013 16:20, Christian Weisgerber wrote:
> Well, you can either use two NICs on your gateway, one connected
> to a vlan1 port on the switch, the other to vlan2. Or you can
> set up vlan1 and vlan2 on em0 and connect them to a trunk port on
> the switch. This is straight from my home
Okay, I can reproduce the problem.
In the nearly 80 % (by guess value) of cases the relayd stops forwarding
packets in the given situation:
- first the services of the master host go down.
- relayd switches to the backup pool. requests are redirected to the
backup host.
- master host revive
Hi list,
Since an upgrade to 5.0 of our pf-cluster we encountered connection problems of
one of our webservers under high packet rate. We measured a load of about 6
million and more hits per day. The webserver serves little static content around
a few KByte.
I'm not really sure if this proble
On 20.07.2011 00:31, Kapetanakis Giannis wrote:
> On 19/07/11 20:03, Joerg Streckfuss wrote:
>> Hi list,
>>
>> i have the following testsetup with four firewall nodes connected to three
>> networks:
>>
Hi list,
I have the following testsetup with four firewall nodes connected to three
networks:
[ASCII diagram: network A, CARP, firewall nodes]
Dear list,
it's just an idea but in times like these where IPv4 addresses are a scarce
resource, I think about the following purpose:
Can it be possible to use the relayd to redirect IPv4 Requests to an IPv6 pool
of Servers?
Regards,
Jörg
On 04.06.2010 13:18, Sevan / Venture37 wrote:
> Test a snapshot to see if the issue still exists
>
>
> Sevan / Venture37
Okay, we tested the newest snapshot but the issue remains.
Any other clue?
Joerg
Hi list,
we bought two Dell R610 Servers with four built-in Broadcom BCM5709 nics.
Additionally we installed one Intel PRO/1000 QP quad port nic. There are no
problems with the Broadcoms but something strange happens to the Intel nic.
Sometimes, almost always one to two ports of the intel card co
Toni Mueller wrote:
> Hi,
>
> On Fri, 20.03.2009 at 14:28:46 +0100, Joerg Streckfuss
> wrote:
>> How does CARP behave when on the master node two "unimportantly" interfaces
>> fail and on the backup node only the uplink interface fails? Does CARP
d two independent
firewall clusters means two independent rulesets to manage.
I think I will try ifstated with a finite state machine based on ping test and
demotion counter.
--
Dipl.-Ing. (FH) Joerg Streckfuss, Phone: +49 40 808077-631
DFN-CERT Services GmbH, https://www.dfn-cert.de/, Phone +49 4
example a more important interface gets a higher rate than a less important
interface.
Probably the ifstated daemon and the demotion counter are the topics to get
around with this.
Does anybody have experiences with demotion counter and ifstated?
Thanks in advance.
Joerg
--
Dipl.-Ing. (FH) Joerg
> Since this is redirect, it should work, providing you don't
> configure 10.0.0.1 as an IP address on the loadbalancer itself.
>
I quite agree. The loadbalancer is configured with IP address 10.0.0.5 (CARP).
Only the directive "listen on ..." for the redirect in the relayd configuration
uses IP 1
On Mon, 10 Nov 2008 17:42:50 +0100,
Jörg Streckfuß <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm in the process to setup relayd as a loadbalancer, which will distribute
> http request to three webservers. I think this is a really common setup.
> I'm using OpenBSD 4.4
>
> this is my config:
>
>
>
006, 14:17 +0100, Marc Peters wrote:
> hi joerg,
>
> you may want to have a look at firewall builder (www.fwbuilder.org). it
> can produce rulesets for pf, but you should have a look at the conf
> later on and check the ruleset if it fits your needs.
>
> hth,
> marc
--
Joerg
file.
So is there a better way to handle big rulesets?
Cheers Joerg.
--
Joerg Streckfuss, DFN-CERT Services GmbH
PGP RSA/2048, E0D4BD3F, 90 C3 FB 4A CB D3 20 70 6B 04 47 84 B5 3C 28 8C
Hi list.
Last night I patched my openbsd-3.8
soekris-box. Everything went fine.
I've got another box for firewalling with
512MB-flash standard setup, but without any
compiler-suite installed. Of course I want to patch this
box as soon as possible. Should I copy the complete
perl-files to this box?