Hi,
I suspect this may be the wrong list for this question. However although
strictly it's a Bourne shell script query, it only seem to act up under OpenBSD
(for me).
Essentially I have a job which needs to be run periodically. So I have a shell
script to do the necessary commands, and this is
580-00D.pdf
(let me know if you want list spam with full dmesg).
/Pete
On 13. mars 2014, at 18:48, Ted Unangst wrote:
> On Thu, Mar 13, 2014 at 18:44, Pete Vickers wrote:
>> Hi,
>> I have a an amd64 server (HP DL360 G5), with an Qlogic FC HBA in it. It
>> appears
Hi,
I have a an amd64 server (HP DL360 G5), with an Qlogic FC HBA in it. It appears
to be based on the ISP2400 series, and isp man page says the driver only
supports up to the ISP2300 series. However the driver appears to try to attach
the device irrespective (and fail). Does anyone know how dif
add a line like "!/sbin/route what via where" to your /etc/hostname.vr1 file
On 20. jan. 2012, at 15.29, Hendrickson, Kenneth wrote:
> +--+
> | Firewall |
> | | .33.34.35.97
> | vr0dhcpd | | | | | Wired Network
> | 172.24
On 20. jan. 2012, at 01.50, Martin Pelikan wrote:
>
> ... better alternative:
>
> echo 'export PKG_PATH=ftp://ftp.XX.openbsd.org/pub/OpenBSD/`uname
-r`/packages/`uname -m`/' >> ~/.profile
>
> for -release and -stable, or
>
> echo 'export
PKG_PATH=ftp://ftp.XX.openbsd.org/pub/OpenBSD/snapshots/packa
SOO can be used for loop detection, but only if your bgp peerings don't strip
extended communities.
another dirty hack would be to get the peer to aggregate your 'remote'
prefixes towards you (without as-set) to conceal the ASN. beware that ebgp
routes are prefered over ibgp by default though - th
Hi,
Just a quick question to see if anyone's working on implementing the above on
OpenBSD, and in particular it's integration with OpenBGPD/OpenOSPF ? Note that
this is not a 'please can I have this feature for free' or suchlike, merely a
tentative status query. (BFD is appearing more & more frequ
On 1. jan. 2012, at 23.40, Stuart Henderson wrote:
> On 2012-01-01, Pete Vickers wrote:
>> snippet from /etc/named-gn.conf :
>> controls {
>> inet 10.20.30.2 port 954 allow {10.20.30.2;} keys {"rndc-key";};
>> };
>>
>> then it also fails and com
Hi,
I am having difficulty running named in a non-default rdomain, on the
following platform:
root@ns0 ~ # uname -a
OpenBSD ns0.whatever 5.0 GENERIC#36 sparc64
I have an interface in a rdomain '1':
root@ns0 ~ # ifconfig bge1 | head -1
bge1: flags=28843 rdomain 1
mtu 1500
and happy:
root@ns0
On 1. nov. 2011, at 00.15, carlopmart wrote:
> On 10/31/2011 10:01 PM, Tyler Morgan wrote:
>> Hi, I setup four 4.9-RELEASE installs under ESXi 5.0.0:
>>
>> amd64 as "Other"
>> amd64 as "FreeBSD"
>> i386 as "Other"
>> i386 as "FreeBSD"
>>
>> All 4 got 512megs of RAM, unlimited use of the 8 availabl
On 29. aug. 2011, at 12.22, Laurent CARON wrote:
> Hi,
>
> I wonder if it is possible to remove a private AS from the AS path while
> using OpenBGPd.
>
> IOS black magic for this would be:
> # neighbor $NEIGH remove-private-AS
>
slightly OT, but IIRC that IOS command only strips a _pure_ private
Hi,
trying to boot my Sun Ultra45 workstation from install49.iso results in this:
ok reset-all
Sun Ultra 45 Workstation, No Keyboard
Copyright 2006 Sun Microsystems, Inc. All rights reserved.
OpenBoot 4.22.19, 8192 MB memory installed, Serial #69377208.
Ethernet address 0:14:4f:22:9c:b8, Hos
depending on your dns name flexability, another possible alternative is to use
site names like bob.example.com and alice.example.com then you can run both
via a single wildcard SSL cert "*.example.com" on the single IP address.
/Pete
On 14. apr. 2011, at 20:45, Matthew Dempsky wrote:
> On Thu
6NS SerDes
> +product INTEL 82599_T3_LOM 0x151c 82599 T3
> product INTEL 82576_QUAD_CU_ET2 0x1526 PRO/1000 QP (82576)
> product INTEL 80960RP_ATU 0x1960 80960RP ATU
> product INTEL 82840_HB0x1a21 82840 Host
> Index: if_ix.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_ix.c,v
> retrieving revision 1.46
> diff -u -p -r1.46 if_ix.c
> --- if_ix.c 10 Nov 2010 15:23:25 - 1.46
> +++ if_ix.c 15 Mar 2011 17:31:39 -
> @@ -68,7 +68,8 @@ const struct pci_matchid ixgbe_devices[]
> { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82599_COMBO_BACKPLANE },
> { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82599_CX4 },
> { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82599_SFP },
> - { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82599_SFP_EM }
> + { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82599_SFP_EM },
> + { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_82599_T3_LOM }
> };
>
> /*
> @@ -1251,6 +1252,10 @@ ixgbe_identify_hardware(struct ix_softc
> case PCI_PRODUCT_INTEL_82598EB_XF_LR:
> sc->hw.mac.type = ixgbe_mac_82598EB;
> sc->optics = IFM_10G_LR;
> + break;
> + case PCI_PRODUCT_INTEL_82599_T3_LOM:
> + sc->hw.mac.type = ixgbe_mac_82599EB;
> + sc->optics = IFM_10G_T;
> break;
> case PCI_PRODUCT_INTEL_82598AT_DUAL:
> case PCI_PRODUCT_INTEL_82598AT:
>
Pete Vickers
p...@systemnet.no | +47 48 17 91 00
SystemNet AS
On 22. feb. 2011, at 16.22, Joachim Schipper wrote:
> On Tue, Feb 22, 2011 at 03:04:25PM +0100, Pete Vickers wrote:
>> Now that the IPv4 address space if fully allocated, perhaps it's time to
>> update the comments in /etc/hosts ? Here is my attempt at a reasonab
Now that the IPv4 address space if fully allocated, perhaps it's time to
update the comments in /etc/hosts ? Here is my attempt at a reasonably concise
update:
# Assignments from RFC5735 (supersedes RFC1918)
#
# Allocated for use as the Internet host loopback address:
# 127.0.0.0/8
#
# Allocat
On 3. feb. 2011, at 17.37, Bret S. Lambert wrote:
> On Thu, Feb 03, 2011 at 07:31:01AM -0800, Johan Beisser wrote:
>> On Feb 3, 2011, at 5:17, Martin SchrC6der wrote:
>>
>>> 2011/2/3 Bret Lambert :
Counting my toaster?
>>>
>>> Your toaster has an IP?
>>>
>>
>> Yours doesn't?
>>
>
> He'
Hi,
My Option iCON401 (aka GI401) [1], appears to require tickling to re-appear as
a umsm instead of the initial umass. Can someone point me at the file/list to
add the IDs to, too invoke this ?
thanks
/Pete
$ usbdevs -dv -f /dev/usb0
Controller /dev/usb0:
addr 1: high speed, self powered, co
No problem with inbuilt pop3d. Some hints for you:
$ grep pop3 /etc/inetd.conf
127.0.0.1:pop3 stream tcp nowait root/usr/sbin/popa3d
popa3d
$ pkg_info | grep stunnel
stunnel-4.20SSL encryption wrapper for standard network daemons
$ grep -A 3 pop3s /etc/stunnel/stunnel.conf
Hi,
We're currently deploying some IPv6 connectivity (no flame wars please), and
need to provide a suitable transition solution for IPv6 only clients to access
IPv4 services. At a bare minimum generic TCP/UDP/ICMP services should be
supported for large pools of users. I'm aware of Reyk's work here
BSD is really network toolbox
> (OpenOSPF/BGP. etc).
>
> This can help to get a internet with v6 ready ?
>
> Regards,
> xavier
>
Pete Vickers
p...@systemnet.no | +47 48 17 91 00
SystemNet AS
ahh. that works perfectly, thanks !
/Pete
On 13. sep. 2010, at 18.25, Andy Bradford wrote:
> Thus said Pete Vickers on Mon, 13 Sep 2010 16:32:08 +0200:
>
>> Match Group !wheel
>
> Forget my last suggestion. :-) Just make a pattern-list and use:
>
> Match Group *,!wheel
>
> Andy
On 13. sep. 2010, at 13.17, Joachim Schipper wrote:
> On Mon, Sep 13, 2010 at 10:59:56AM +0200, Pete Vickers wrote:
>> I'm trying to set up a box such that normal users are chroot'd to their
home
>> directories, and can only use sftp.
>
>> Any clues what I
Hi,
I'm trying to set up a box such that normal users are chroot'd to their home
directories, and can only use sftp. I have added this to the config file &
restarted sshd:
r...@container ~> tail /etc/ssh/sshd_config
#
#
#
# all non-wheel users should be chrooted to their home and sftp only
#
Mat
On 26. aug. 2010, at 00.18, Don Tek wrote:
> I've recently implemented a firewall with two internet connections using
multipath routing and round-robin outbound load balancing.
>
> I am looking for a solution from the shell to detect failure of these two
internet gateways so I can force routing an
syswq
3 0 0 0 3 0x40100200idle0
2 0 0 0 30x100200 kmalloc kmthread
1 0 1 0 3 0x4080 wait init
0 -1 0 0 3 0x80200 scheduler swapper
ddb>
/Pete
On 25. aug.
I have a SunBlade100 running 4.7RELEASE which I stuck a PCI/Cardbus adapter
in; and it appears to be recognised in dmesg:
. . .
cbb0 at pci1 dev 2 function 0 "Ricoh 5C475 CardBus" rev 0x80: ivec 0x7d5
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x
On 27. juli 2010, at 15.09, Pete Vickers wrote:
> Hi,
>
> From dmesg, the graphics card in my Sun blade100 is:
>
> machfb0 at pci0 dev 19 function 0 "ATI Rage XL" rev 0x27
> machfb0: ATY,RageXL, 1280x1024
>
> which is connected via DVI cable to a Sun monitor
Hi,
>From dmesg, the graphics card in my Sun blade100 is:
machfb0 at pci0 dev 19 function 0 "ATI Rage XL" rev 0x27
machfb0: ATY,RageXL, 1280x1024
which is connected via DVI cable to a Sun monitor #365-1429. This monitor
supports 1280x1...@60hz. However starting X without a config file only run i
Hi,
I seem to recall that there was some discussion (in a Claudio presentation
IIRC) about OBSD potentially supporting h/w based forwarding at some time in
the distant future.
At a first glance, this (NetFPGA) project appears to be the kind of thing
that's needed to kick start such an activity:
then maybe he could use
traceroute instead to gather the statistics from. The advantage here is that
he could employ traceroute's '-g' option to specify which gateway to use for
that probe.
/Pete
On 24. juli 2010, at 23.14, Philip Guenther wrote:
> On Sat, Jul 24, 2010 at
if your testing host is in the same subnet as the 3 gateways' inside
interfaces, then your probe script can just overwrite the ARP entry for the
next hop to each of the gateways in turn. no need to do any layer 3 changes at
all.
/Pete
Den 24. juli 2010 kl. 12:56 skrev Philip Guenther :
> On Th
the full AT command sets are available somewhere here:
http://www.google.com/search?q=at.commands+site:3gpp.org
Note that a large number of the 'modems' these days, expose two serial
interfaces, and only one will listen for AT commands, until correct
initialisation is done...
/Pete
On 16. j
orts port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> acl proxy_users_port m
Hi,
Transport mode IPSec has many legit uses. The first one which springs to mind
is gateway-gateway encryption, over which you can use your favourite tunneling
protocol e.g. L2TP or GRE. Especially useful if you're transporting multicast
traffic over the VPN.
Also one of the most popular remote
This works for me with kernel ppp:
http://archive.psg.com/gprs-vickers.txt
/Pete
On 23. mai 2010, at 02.52, J.C. Roberts wrote:
> On Sat, 22 May 2010 22:08:57 +0200 patrick kristensen
> wrote:
>> Thanks for taking the time to answer and your fast replies.
>>
>
> Actually, ppp and TDMA/CDMA a
something like this:
http://www.openbsd.org/papers/asiabsdcon2010_vether/index.html
especially page 6/7...
/Pete
On 11. mai 2010, at 13.45, Toni Mueller wrote:
> Hi,
>
> I've been trying to figure out whether I can use OpenBSD in a nested
> vlan scenario. I'm looking at a data centre where
In keeping with your 'lets get something up on there to point the whiners at',
how about adding this:
* Add support for RFC5837 to OpenBSD's IP stack.
This could be suitable task since it presumably has 'cool factor' & is an
easily definable task, and is not trivial to write.
/Pete
On 22. a
On 31. mars 2010, at 20.01, Claudio Jeker wrote:
> On Wed, Mar 31, 2010 at 08:08:01PM +0300, Eugene Yunak wrote:
>> On 31 March 2010 19:27, N. Arley Dealey wrote:
>>> It would appear to me that antispoof and URPF achieve similar results. Is
>>> there a reason to prefer one over the other?
>>
>> N
On 11. mars 2010, at 12.13, TS Lura wrote:
> Dear OpenBSD community,
>
> I'm doing a small research paper on Cisco and try to find out if they are
> "evil" or not in relative to open/free source/standards, and business
> practice. Eg. locking people to their product line aka the MS way.
>
> I'm se
On 7. mars 2010, at 00.07, Claudio Jeker wrote:
> On Sat, Mar 06, 2010 at 06:52:24PM +0100, Rogier Krieger wrote:
>> On Sat, Mar 6, 2010 at 17:26, PP;QQ P(P8P?P8QP8P=
>
>> wrote:
>>> no, I want routes exactly to carp.
>>
>> That sounds odd. Routes are something different than what particular
Hi,
Just FYI:
{2} ok setenv boot-device disk0 disk1
boot-device = disk0 disk1
this boots disk0 or fails over to disk1.
/Pete
On 1. mars 2010, at 20.14, philippe aubry wrote:
> In the openfirmware env you can save only one device to boot if I remember
> correctly.
On 1. mars 2010, at 19.40, Kenneth R Westerback wrote:
> On Mon, Mar 01, 2010 at 03:56:22PM +0100, Pete Vickers wrote:
>> Hei,
>>
>>
>> Upon booting either 4.6-RELEASE or 4.7-BETA on my SunFire 880 causes the
>> kernel it to 'see' twice the correct nu
Hei,
Upon booting either 4.6-RELEASE or 4.7-BETA on my SunFire 880 causes the
kernel it to 'see' twice the correct number of physical disk. Further if I
install the o/s using bsd.rd on to sd0, then upon reboot the kernel can't
find the root disk. However if I install on sd12 then booting etc is
On 26. feb. 2010, at 11.58, Claudio Jeker wrote:
> On Fri, Feb 26, 2010 at 11:30:30AM +0100, Pete Vickers wrote:
>> On 26. feb. 2010, at 03.01, Aaron Mason wrote:
>>
>>> On Thu, Feb 25, 2010 at 10:04 AM, Pete Vickers wrote:
>>>> Hi,
>>>>
>>
On 26. feb. 2010, at 03.01, Aaron Mason wrote:
> On Thu, Feb 25, 2010 at 10:04 AM, Pete Vickers wrote:
>> Hi,
>>
>> A proxy (squid) server running i368/4.6RELEASE with around 800 users, what
>> would be a reasonable value to increase kern.maxclusters too, to cure t
Hi,
A proxy (squid) server running i368/4.6RELEASE with around 800 users, what
would be a reasonable value to increase kern.maxclusters too, to cure this :
r...@proxy-s ~> grep mcl /var/log/messages
Dec 10 10:13:43 proxy-s /bsd: WARNING: mclpools limit reached; increase
kern.maxclusters
Dec 1
t;> CONTROL PLANE AND MANAGEMENT PLANE PROTECTION
>>
>> some parts looks like possible with pf(4) some not, but as I said this
>> must be confirmed by someone who knows much more
>>
>> Built-In "Special-Case" CPU Rate Limiters
>>
>> read users
On 17. feb. 2010, at 08.47, Claudio Jeker wrote:
> On Wed, Feb 17, 2010 at 03:35:24AM +0200, Kapetanakis Giannis wrote:
>> On 17/02/10 03:16, FRLinux wrote:
>>
>>> Mmmh, you picked my interest here. You mentioned your cisco 6500 but I
>>> guess you are going to use only gigabit NICs, so you have n
presumably this is no worse than any other firmware, just that since it's open
source you can actually see it ?
is it just me or does the Fuloong
(http://www.lemote.com/english/fuloong.html) look like a perfect car-puter,
since it has 12V power requirements, S-video & audio output, and IR receiver
Hi,
Thanks for the patch - good idea. However
Since the firmware on the MacBook Air in question does not recognise non-OSX
(HFS+) USB memory sticks, I could only test this patch by applying it on
another machine's tree, then 'make release' and burning the created cd47.iso
to a CDROM. Upon boo
Hi,
neither 4.6 or 4.7snapshot find the SSD HDD in my macbook air. These dmesg
entries are about as far as it gets:
pciide0 at pci0 dev 31 function 1 "Intel 82801HBM IDE" rev 0x03: DMA, channel
0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: channel 0 disabled (no drives)
My MacBookPro with a recent snapshot works pretty good:
# sysctl hw.product
hw.product=MacBookPro2,2
# ifconfig athn0
athn0: flags=8843 mtu 1500
lladdr 00:19:e3:d9:96:9b
priority: 4
groups: wlan egress
media: IEEE802.11 autoselect (OFDM54 mode 11g)
status:
this is with the other machine powered off, so it's config is
irrelevant.
Den 12. jan. 2010 kl. 17.08 skrev Ben Calvert :
pete -
pls send /etc/hostname.carp0 from the other machine.
On Jan 12, 2010, at 3:14 AM, Pete Vickers wrote:
Hi,
Whilst setting up a H/A service on a pa
Hi,
r...@gins0 ~>grep pf /etc/rc.conf.local
pf=NO # Packet filter / NAT
switches are fine, and couldn't affect outgoing packets anyway.
/Pete
On 12. jan. 2010, at 12.55, Rogier Krieger wrote:
> On Tue, Jan 12, 2010 at 12:14, Pete Vickers wrote:
>> Debuggi
Hi,
Whilst setting up a H/A service on a pair of RELEASE4.6/i386 (+ bind/ssl
patches) machines, I observe that both become carp master concurrently.
Debugging shows that the carp master does not appear to transmit carp
announcements:
r...@gins0 ~>tcpdump -i bnx0 -n proto carp
tcpdump: listening
you don't really need to soft raid the boot partition, since you can just put
it on both physical disk, and set the system to boot from either, with
something like this:
ok> setenv boot-device disk0 disk1
/pete
On 3. jan. 2010, at 18.03, Kent Watsen wrote:
> Hi,
>
> I have a Netra T1 (sparc
Hi,
I have a HP (Compaq) ProLiant DL380 G5 which, according to dmesg,
incorporates IPMI.
# grep IPMI /var/run/dmesg.boot
"Hewlett-Packard IPMI" rev 0x00 at pci16 dev 4 function 6 not configured
# pcidump -v 1:4:6
Domain /dev/pci:
1:4:6: Hewlett-Packard IPMI
0x: Vendor ID: 103c P
On 16. des.. 2009, at 22.36, Martin Hein wrote:
On Wed, 16 Dec 2009 11:19:33 -0700
"Andy Nguyen" wrote:
If I configure community as Martin
suggested this will also take out the path to my network. Thanks.
If your real AS is transit only for your prefix it wont work.
Your real AS should ann
How about aggregation? That's a nice knob to have (I use it quite
often). The atomic-aggregate option cold be used legitimately (see
RFC4271) to hide an (RFC1918) AS in some circumstances.
/Pete
On 16. des.. 2009, at 10.29, Claudio Jeker wrote:
On Wed, Dec 16, 2009 at 09:55:40AM +0100,
someone else also just pointed out the diagnostic properties of eye
ache pattern off-list too.
So I guess it's ~/.xinitrc in site.tgz for me then.
/Pete
On 19. nov.. 2009, at 21.24, J.C. Roberts wrote:
As long as you promise not to hate me for taking the other side of
things, the default
Hi,
Having just installed 4.6 on my sunblade100 I'm truly very impressed
by the recent advances in OpenBSD's X implementation - after a very
rapid run through the improved install script, X started flawlessly
with a usable (and accelerated) session. The automatic correct
keyboard layout i
You're right, I should have read the email more carefully / drank more
coffee.
/Pete
On 17. nov.. 2009, at 13.11, Artur Grabowski wrote:
No. It will not solve any problem (ignoring that there was no problem
in the first place).
//art
Pete Vickers writes:
alternatively you coul
serve 800MB of file data through ftpd then yes.
3. Is it normal that this memory seems to be lost from the system?
yes. The keyword here is "seems".
The memory is used for caching the file contents in case you decide to
read those files again. It's reused for more useful things
On 12. nov.. 2009, at 12.16, Comete wrote:
Hi,
i had a similar problem with our configuration, and i resolved this
by setting this in /etc/squid/squid.conf
max_filedescriptors 4096
Very good performances now ;)
Pete Vickers a icrit :
Hi,
I have performance problems on the above platfor
Hi,
I have performance problems on the above platform. After some time the
proxy runs very slowly, and console becomes slow to respond. No
observable difference between bsd.sp or bsd.mp
See tweaks applied below. Since I've tried without them first, but
e.g. squid exhausted filedescriptors,
I've used this before with good results:
http://dhcpstatus.sourceforge.net/install.html
/Pete
On 8. okt.. 2009, at 15.06, Ian Chard wrote:
Hi,
I'm using the stock OpenBSD dhcpd, and I'd like to monitor the state
of the pool (how many addresses in use/available). Is there any way
of do
I had trouble with the getpwent flag, so since the same box also does
IMAP*
this works for me:
$ cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
$ grep sas /etc/rc.local
if [ -x /usr/local/sbin/saslauthd ]; then
echo -n ' saslauthd'; /usr/local/sbin/saslauthd -a rimap -O
On 19. juni. 2009, at 00.40, Ted Unangst wrote:
On Thu, Jun 18, 2009 at 5:54 PM, Pete Vickers
wrote:
nah, you maybe right technically with the data-center argument, but
not
politically. Everyone has the 'right' to proper redundancy for H/A
if they
want/need it. Actually, the
On 19. juni. 2009, at 00.10, Henning Brauer wrote:
* Pete Vickers [2009-06-19 00:02]:
Actually, the sooner the IPv4 space gets used up the
better, then everyone will have to migrate to IPvShit, and be done
with
it.
that doesn't solve a single problem.
in return, you get a pletho
ne with it.
/Pete
On 18. juni. 2009, at 22.49, tico wrote:
Karl O. Pinc wrote:
On 06/18/2009 01:50:17 PM, Pete Vickers wrote:
On 18. juni. 2009, at 19.45, Karl O. Pinc wrote:
What's the best way to solve this problem?
stop trying to bodge it, and get some PI space.
I'd
On 18. juni. 2009, at 19.45, Karl O. Pinc wrote:
What's the best way to solve this problem?
stop trying to bodge it, and get some PI space.
/Pete
On 27 May 2009, at 10:01, Otto Moerbeek wrote:
On Wed, May 27, 2009 at 09:43:18AM +0200, Otto Moerbeek wrote:
On Wed, May 27, 2009 at 10:29:10AM +0300, Gregory Edigarov wrote:
Bob Beck wrote:
* Chris Harries [2009-05-26 10:48]:
it sure beats everyone moaning at me as they cannot read e-ma
On 30 Apr 2009, at 00:14, Daniel Ouellet wrote:
Joe S wrote:
What's really frustrating here are the network admins I work with
that
are trying to migrate from ipsec vpns to MPLS because it's "easier"
and "just as secure".
Well, I am not sure that it would be very convincing to them, but I
On 12 Apr 2009, at 23:47, Jason McIntyre wrote:
On Sun, Apr 12, 2009 at 10:40:08PM +0200, Pete Vickers wrote:
SEE ALSO section, entry for Web Cache Coordination Protocol V1.0,
link
is broken. A suitable replacement is:
http://www.ietf.org/proceedings/99jul/I-D/draft-ietf-wrec-web-pro-00.txt
SEE ALSO section, entry for Web Cache Coordination Protocol V1.0, link
is broken. A suitable replacement is:
http://www.ietf.org/proceedings/99jul/I-D/draft-ietf-wrec-web-pro-00.txt
/Pete
A public statement from him (Wim) would be appropriate now I believe.
Especially informing all of us who have pre-ordered the latest release
via him what will happen with our orders, and importantly when he will
forward the proceeds to Theo et al.
/Pete
On 25 Mar 2009, at 01:16, Floor Te
The 'standard' (for at least one vendor's definition of standard) way
to get around this, is to slap a different route distinguisher (RD) on
each of the desired 'duplicate' paths. BGP then sees these as
individual paths and will happily communicate both concurrently.
Separate but related, i
Hi,
What about Postel's 'be liberal in what you accept' ? What about
peers/intermediate system that have for example bugs which
accidentally set FIN flags (ISP's broken traffic shaping/limiting
device anyone ?). If pf can safely cleanse such legitimate traffic,
then why block it ?
Bli
The bge driver sucks for these cards - just chuck in an em(4) NIC and
you should see instant improvement.
'netstat -I bge0' will confirm the packet errors
/Pete
On 27 Feb 2009, at 14:33, Alexander Farber wrote:
bge0 at pci3 dev 6 function 0 "Broadcom BCM5704C" rev 0x10, BCM5704 B0
(0x2100
If you are doing web traffic, then relayd can insert a HTTP header
into the inbound request, which is then visible to the backend
webserver.
For vanilla tcp connections, verbose logging on relay box and backend
together with ntp time syncing and some scripting foo should permit
reconstruc
esult?
Thanks
Tony
On Fri, Feb 13, 2009 at 2:05 PM, Pete Vickers
wrote:
Hmm, I can't grok you problem description, since it's ambiguous.
there are serveral devices here:
A. ssh client
B. ssh server
C. http(s) proxy server
D. http(s) proxy client (web browser)
I thought you mean
xy" you mean your proxy sitting in your machine where
> you do the ssh to?
>
> In my case I want to include the proxy which allows Internet access
> sitting on the clients terminal and not in the remore machine.
>
> Thanks
>
> Tony
>
> On Fri, Feb 13, 2009 at 1:31
Hi,
If your just trying to do an SSH connect via a http proxy, then I do
something like this:
[p...@air] ~> cat ~/.ssh/pconn.sh
#!/bin/bash
# pconn.sh
LF=$'\015'
CMD="CONNECT $1:$2 HTTP/1.0"
echo "yyy${CMD}yyy" >&2
(echo "$CMD$LF"
echo
cat ) |
nc proxy_server_ip_address 8080 | (
while re
Hi,
We're interested in getting GTP protocol [1,2] support into OpenBSD's
tcpdump, however there doesn't appear to be any upstream support for
it [0].
So, if any of the devs are interested in paid work to add this then
please drop me a line. This would ideally be someone with CVS write
5 minutes smells like an ARP cache timeout, so I'd start by watching
arp caches and mac-address tables, for clues.
make sure you are running the Foundry equivalent of PVST+ ( i.e. a
separate instance of STP per vlan, not a single common instance.
Probably MSTP ?)
tcpdump should tell you
From:
http://www.cisco.com/en/US/products/hw/switches/ps607/products_configuration_example09186a0080094789.shtml
Note: Catalyst 2900XL/3500XL switches do not support LACP. Catalyst
2950/2955 switches support LACP for channel negotiation with Cisco IOS
Software Release 12.1(6)EA2 or later. C
Indeed, I believe whilst c3750 support traffic-shaping, the c3550 does
not.
BTW, instead of assigning a /30 per user as wasting 75% of your IP
address space, try looking that the 'private vlan' IOS command, which
should allow you to use much bigger subnets and still control the user-
user
Okai,
here's my $0.02 on the subject:
http://systemnet.no/ios-uptime.jpg
/Pete
On 29 Oct 2008, at 18:49, guilherme m. schroeder wrote:
Hi,
Uptimes sucks. Here's the biggest i've ever seen in the company i
work:
[EMAIL PROTECTED] ~]$ uname -a
SunOS optg998 5.6 Generic_105181-26 su
Hi,
Whilst I fully acknowledge the stigmatism that goes with java, I'm
very grateful to Kurt et. al. for making it run under OpenBSD. It has
saved me from having to admin extra linux/solaris boxes many times,
when customers insist on java. I'm also looking forward to merely
pkg_add'ing i
nd 45sec outage across entire switch infrastructure. (This can be
mitigated with PVST and RSTP somewhat).
/Pete
On 23 Sep 2008, at 14:51, Dave Wilson wrote:
Pete Vickers wrote:
1. create a layer 2 (switched) ring, using spanning tree.
- completely independent of openbsd box
2. connect
1. create a layer 2 (switched) ring, using spanning tree.
- completely independent of openbsd box
2. connect your (dual NIC) openbsd box to 2 separate switches for
redundancy, and add both NICs to a trunk group.
- redundancy of switch, cabling and NICs.
[EMAIL PROTECTED] ~
xec/ld.so
perhaps like the ssh libraries are not needed, but where should the
ssh keys be put ?
[EMAIL PROTECTED] />grep nagios /etc/passwd
_nagios:*:550:550:Nagios user:/var/www/nagios:/sbin/nologin
in /var/www/nagios/.ssh/ ?
TiA,
Pete Vickers
[EMAIL PROTECTED] | +47 48 17 91 00
SystemNet AS
Hi,
Assuming the box is only a DNS server, then the simplest & easiest (in
my option) is to take a copy of the DNS related files:
- /etc/rc.conf.local
- /var/named/*
- noting also IP address, hostname etc etc
and then reinstall the o/s from a recent snapshot (downloaded h
1. enable netboot in eee's BIOS settings
2. man 8 pxeboot
/Pete
On 23 Jul 2008, at 16:33, [EMAIL PROTECTED] wrote:
Hi
Sorry for the noise but I am trying to install openbsd an an eeepc
via a usb pen. I have managed to install 4.(1 or 2) in the past but
do not seem to be able to get the 4.3
looks like there is some work in progress to update the in-tree BIND
to 9.4.2-P1 + local tweaking, for example:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bind/lib/dns/dispatch.c?r1=1.8
As Theo points out, patience is a virtue, and it's the "+ local
tweaking" above that is the reason
Does this mean we should expect one soon ?
http://securosis.com/publications/CERT%20Advisory.doc
/Pete
nah, real men wrote a program to write their thesis for them ;-)
/Pete
On 24 Jun 2008, at 22:29, Martin Schrvder wrote:
2008/6/24 Pierre Riteau <[EMAIL PROTECTED]>:
As someone already said earlier, you can write your letter in troff
with mg or vi and create a postscript file from that.
Re
perhaps you could write your script in perl ?
http://www.openbsd.org/4.3_packages/i386/p5-Net-SSH-Perl-1.30.tgz-long.html
/Pete
On 19 Jun 2008, at 16:31, Stuart Henderson wrote:
On 2008-06-19, Richard Storm <[EMAIL PROTECTED]> wrote:
I am writing script, that would ssh to switch and dump
c
I've had good results with SIEGE
http://www.joedog.org/
/Pete
On 14 Jun 2008, at 12:55, Mikolaj Kucharski wrote:
Hi,
This is off topic, but does anyone know preferably commandline utility
with which I could test HTTP server? What interests me is repeated
connections and stats how long it
1 - 100 of 160 matches
Mail list logo