Re: 4-ports router under $150
Is that this one? https://store.ubnt.com/products/edgerouter-6-port-1

On 8 April 2018 at 01:57, Jordan Geoghegan <jgeoghega...@gmail.com> wrote:

> The Edgerouter 6 is going to be coming out shortly, that is what I am
> holding out for to run my home network on.
>
> On 04/07/18 14:59, Anatoli wrote:
>
>> Hi All!
>>
>> I'm looking for a modest 4-5 ports router under $150 that works well with
>> OpenBSD. I don't need WiFi, USB or console port, and the throughput doesn't
>> need to exceed 100Mbps. The ideal device would be EdgeRouter X (compact, 5
>> ports, $50) but I know it's not supported at this moment and probably never
>> will be.
>>
>> EdgeRouter (ER) Lite only has 3 ports and the switch ports (eth2-4) of
>> ERPOE-5 are not yet supported.
>>
>> ER-4 would be great, but the 4th port is SFP, I'd need to buy an SFP NIC
>> for one of my devices and I'm not sure it's supported as the octeon page
>> says ER PRO SFP ports are not supported yet. Also it's a bit expensive
>> ($190).
>>
>> Banana Pi R2 would be great too, but I couldn't find if it's supported by
>> OpenBSD (it has MediaTek MT7623N, Quad-core ARM Cortex-A7).
>>
>> Are there 4-5 port devices that are known to work well with OpenBSD?
>>
>> Thanks,
>> Anatoli

--
Regards,
--
Rui Ribeiro
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Lenovo 110s Laptop - bug or unsupported hardware?
Hi,

I have exactly the same behaviour in a Lenovo Ideapad IBR 110S here using i3 or Lumina using *any* browser after a couple of minutes, so it is not faulty hw of the poster. The behaviour was not present with 6.1.

On 28 October 2017 at 04:33, J Vans <3...@startmail.com> wrote:

> I decided to post this in misc because I am not sure if this is a bug or
> unsupported hardware. It is a Lenovo 110s laptop.
>
> Apm works on this machine. Suspend and resume work on this machine.
>
> When running X, and doing things that require a lot of memory (open
> firefox and watch a youtube video + 3 or 4 more tabs + open evince and open
> a sizeable PDF was my test) this machine freezes, and the screen goes
> black. Sometimes this happens in 30 seconds, sometimes it takes 10 minutes
> or more. I also tested with Chrome and Midori, and got the same behavior. I
> also tested playing video locally and the results were the same. On a few
> occasions it crashed while not doing much, but for the most part if I keep
> memory usage low (i.e. use a text based browser, for example) it does not
> crash. DDB is opening in the background after the crash, but I cannot see
> it. I type ps, and trace, but they do not show up in the messages after
> rebooting. I have however been able to get several core dumps. They look
> identical to each other, which leads me to believe it is the same problem
> happening in each crash.
>
> The above behavior is consistent across i3, Fvwm, and Cwm, with apmd
> enabled or no, across all flag settings of apm, and machdep.aperture=0, 1,
> and 2.
>
> Serial console is not an option on this machine but I have quite a
> collection of core dumps. Any advice on troubleshooting this further (or
> if it's unsupported hardware) would be appreciated.
>
> The below info was generated using a kernel built from GENERIC's config +
> makeoptions DEBUG="-g", built from the CURRENT tree on 10/26.
>
> GNU gdb 6.3
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "amd64-unknown-openbsd6.2".
> (gdb) file bsd.8
> Reading symbols from /home/utilis/CRASH/102717/607pm/bsd.8...done.
> (gdb) target kvm bsd.8.core
> #0 0x8167c544 in dumpsys () at /usr/src/sys/arch/amd64/amd64/
> machdep.c:949
> 949 error = (*dump)(dumpdev, blkno, va, n);
> Current language: auto; currently minimal
> (gdb) where
> #0 0x8167c544 in dumpsys () at /usr/src/sys/arch/amd64/amd64/
> machdep.c:949
> #1 0x8167bfea in boot (howto=0)
> at /usr/src/sys/arch/amd64/amd64/machdep.c:743
> #2 0x813cccf5 in reboot (howto=Variable "howto" is not available.
> ) at /usr/src/sys/kern/kern_xxx.c:70
> #3 0x81009f7e in db_boot_crash_cmd (addr=Variable "addr" is not
> available.
> )
> at /usr/src/sys/ddb/db_command.c:790
> #4 0x8100986d in db_command (last_cmdp=0x0, cmd_table=Variable
> "cmd_table" is not available.
> )
> at /usr/src/sys/ddb/db_command.c:303
> #5 0x8100a331 in db_command_loop () at
> /usr/src/sys/ddb/db_command.c:703
> #6 0x816694d4 in db_trap (type=Variable "type" is not available.
> ) at /usr/src/sys/ddb/db_trap.c:93
> #7 0x812a75ca in db_ktrap (type=0, code=0, regs=0x0)
> at /usr/src/sys/arch/amd64/amd64/db_interface.c:152
> #8 0x811c150c in trap (frame=0x0)
> at /usr/src/sys/arch/amd64/amd64/trap.c:188
> #9 0x81618a25 in calltrap ()
> #10 0x81405af0 in pmap_flush_cache (addr=18446603336235712512,
> len=Variable "len" is not available.
> )
> at /usr/src/sys/arch/amd64/amd64/pmap.c:1288
> #11 0x815b1a2b in gen8_ppgtt_clear_pte_range
> (vm=0x80994000,
> pdp=0x809941a0, start=Variable "start" is not available.
> )
> at /usr/src/sys/dev/pci/drm/i915/i915_gem_gtt.c:394
> #12 0x81068ae8 in __i915_vma_unbind (vma=0x156, wait=Variable
> "wait" is not available.
> )
> at /usr/src/sys/dev/pci/drm/i915/i915_gem.c:3784
> #13 0x8106aa3e in i915_gem_free_object (gem_obj=0x80dd16d0)
> at /usr/src/sys/dev/pci/drm/i915/i915_gem.c:3817
> #14 0x81332741 in drm_gem_object_handle_unreference_unlocked
> (obj=0x156)
> at /usr/src/sys/dev/pci/drm/drm_gem.c:900
> #15 0x81332626 in drm_gem_handle_delete (filp=0x1a7ec083, handle=3)
> at /usr/src/sys/dev/pci/drm/drm_gem.c:424
> #16 0x8169da2c in drm_do_ioctl (dev=0x3, minor=Variable "minor" is
> not available.
> )
> at /usr/src/sys/dev/pci/drm/drm_drv.c:859
> #17 0x8169db2f in drmioctl (kdev=Variable "kdev" is not available.
> )
> at /usr/src/sys/dev/pci/drm/drm_drv.c:886
> #18 0x8172fc5e in VOP_IOCTL (vp=Variable "vp" is not available.
> ) at
Re: iPhone tethering ?
I would avoid *any* Realtek devices. Power management bugs, bugs at the hw, firmware and driver level. Not particularly well impressed. But then, I have yet to find any *USB wifi* dongle that particularly impresses me.

https://unix.stackexchange.com/questions/252210/wi-fi-problems-using-asus-usb-n13-adapter/252215

On 23 October 2017 at 10:25, Christoph R. Murauer <n...@nawi.is> wrote:

> The only 2 options you have is, get an Android device then you can use
> USB tethering over urndis(4) or, buy one of these round 10 Euro or less
> mini USB WIFI dongles which use the urtwn(4) firmware, then you can
> use your iPhone and tether using WIFI.
>
> The Edimax with a RTL8188CUSe and, the TP-LINK with a RTL8188EU work.
> Used both in the past.
>
> > Hi everyone !
> >
> > Does iPhone tethering work with OpenBSD? In other words, is there an
> > equivalent or alternative to FreeBSD & DragonFlyBSD’s usbmuxd in
> > OpenBSD? The only thread about “tethering” that I found in the
> > mailing list archives is about a Palm Treo.
> >
> > I will be thankful for any advice!
> >
> > RS.-

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Excited for 6.2 - C'mon and release this bad boy!
Sorry, have not been able to use the installation image in the last few days. The 6.2 directory started popping last week without it existing, and even 2-3 days ago the installation was not working yet even trying to point to the new directory.

On 6 October 2017 at 16:33, Rui Ribeiro <ruyrybe...@gmail.com> wrote:

> Hi, I have not been able to use the installation image in USB to install
> it "6.2", is it working again?
>
> On 6 October 2017 at 16:25, tec...@protonmail.com <tec...@protonmail.com>
> wrote:
>
>> Thanks for the link, looks like my suspicions were right. Good stuff.
>>
>> > Original Message
>> > Subject: Re: Excited for 6.2 - C'mon and release this bad boy!
>> > Local Time: 6 October 2017 3:22 PM
>> > UTC Time: 6 October 2017 15:22
>> > From: gp...@mailbox.org
>> > To: tec...@protonmail.com <tec...@protonmail.com>, misc@openbsd.org <misc@openbsd.org>
>> >
>> > I think you should wait at least a couple of days.
>> >
>> > https://www.openbsd.org/62.html
>> >
>> > On 10/06/2017 06:12 PM, tec...@protonmail.com wrote:
>> >> This month marks 6 months since 6.1 released, and I have a sneaky feeling 6.2 could be coming out any day now.. well, I hope so.
>> >>
>> >> Looking forward to this!
>> >>
>
> --
> Regards,
>
> --
> Rui Ribeiro
> Senior Linux Architect and Network Administrator
> ISCTE-IUL
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Excited for 6.2 - C'mon and release this bad boy!
Hi,

I have not been able to use the installation image in USB to install it "6.2", is it working again?

On 6 October 2017 at 16:25, tec...@protonmail.com <tec...@protonmail.com> wrote:

> Thanks for the link, looks like my suspicions were right. Good stuff.
>
> > Original Message
> > Subject: Re: Excited for 6.2 - C'mon and release this bad boy!
> > Local Time: 6 October 2017 3:22 PM
> > UTC Time: 6 October 2017 15:22
> > From: gp...@mailbox.org
> > To: tec...@protonmail.com <tec...@protonmail.com>, misc@openbsd.org <misc@openbsd.org>
> >
> > I think you should wait at least a couple of days.
> >
> > https://www.openbsd.org/62.html
> >
> > On 10/06/2017 06:12 PM, tec...@protonmail.com wrote:
> >> This month marks 6 months since 6.1 released, and I have a sneaky feeling 6.2 could be coming out any day now.. well, I hope so.
> >>
> >> Looking forward to this!
> >>

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Blocking users who change their IP address
Hi Eric,

I had that problem in the past in a (small) wifi service that was sold to a few customers outside our cable network. I had a couple of customers connecting new routers to evade charges of extra Internet usage.

I solved it changing my provisioning software to create static addresses and ARP entries to all IP addresses of that network at the router side. Obviously it could be circumvented with MAC spoofing, however it worked pretty well preventing random people from "inventing" different IP addresses.

Regards

On 5 October 2017 at 05:47, Eric Johnson <eri...@colossus.gruver.net> wrote:

> I'm at a small Wireless ISP in a small town and have only a Class C block
> of addresses. A couple of years, one local store sold to a new buyer and
> they wanted an Internet connection which I happily supplied with a single
> IPv4 address for the store.
>
> A couple of weeks ago, the outside company that handles their Point of
> Sale (POS) modified their firewall and added a new IP address that created
> problems for another local business because of the resulting conflict.
>
> According to an employee of the POS company, he merely used another IP
> address in their subnet. I replied that they had an address, not a
> subnet. So far, nobody has ever asked for a subnet and we have never
> provided one.
>
> The address he poached was an address in the NAT pool. Since we have more
> customers than we do IP addresses, nearly all customers except businesses
> have addresses in the CGN address space, 100.64/10, and most of our IP
> addresses are used in a NAT pool to service those addresses.
>
> I couldn't help wondering how intelligent one has to be to question
> whether or not a small store in a small town with a single IP
> address could possibly be assigned a block of 256 addresses. It should
> have made him curious, but it didn't. It should have been glaringly
> obvious that something didn't quite fit.
>
> Since then, I have configured their radio that if they ever do it again,
> it won't pass any traffic for whatever address they try to poach. It will
> work for their addresses only.
>
> The employee of the POS customer was surprised that he could possibly
> assign an address and have it appear to work. That got me to wondering
> how one would block it.
>
> The only thing I could think of off the top of my head was to configure
> the firewall rules on their radio which is what I did to limit them to the
> address. I've also modified the pf.conf rules to block any host spoofing
> the NAT pool addresses.
>
> That still leaves open the question of what is the best way to set it up
> so that a customer cannot change his IP address to interfere with another.
> For example, if someone's SonicWall firewall has an IP address of
> 203.0.113.10 and they change it to 203.0.113.20 which is already in use by
> someone else, then we would still have a problem.
>
> Fortunately, all but a handful of our customers have radios that act as a
> NAT device and with addresses assigned by the kea server on one machine.
> Those customers would have to climb up on their roof or tower and press
> the reset button to return to factory defaults before they could configure
> another IP address and anyone who does that will find themselves having to
> switch to another internet service because I'll come pick up their radio
> as soon as possible.
>
> In the meantime, since there aren't all that many businesses with static
> addresses on our network, I'll probably configure firewall rules on all
> their radios in the next few days to cover the problem.
>
> Does anyone know a good way to automatically enforce requirements that
> they use only those addresses that have been assigned to them?
>
> Eric

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
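One way to implement the static-ARP approach described in the reply above, together with a check for addresses in use that were never assigned. This is an added example, not code from the thread or from the provisioning software it mentions. The prefix, assignment table, MAC addresses, sink MAC and ARP lines are constructed, and the `host ether_addr permanent` line format is the one OpenBSD arp(8) reads with `arp -f`.

```python
"""Added example: static ARP provisioning and poached-address detection."""
import ipaddress
import re

# Constructed sample data: documentation prefix and documentation MACs.
NETWORK = ipaddress.ip_network("203.0.113.0/28")
ASSIGNED = {
    "203.0.113.10": "00:00:5e:00:53:10",   # customer A
    "203.0.113.11": "00:00:5e:00:53:11",   # customer B
}
# Assumption: unassigned addresses are pinned to a locally administered MAC
# that no device uses, so a self-assigned address gets no return traffic.
SINK_MAC = "02:00:00:00:00:01"

# Constructed ARP listing mixing two common output styles.
OBSERVED = """\
Host            Ethernet Address    Netif Expire Flags
203.0.113.10    00:00:5e:00:53:10   em1   19m58s
203.0.113.11    00:00:5e:00:53:99   em1   12m03s
? (203.0.113.12) at 0:0:5e:0:53:10 on em1
203.0.113.13    (incomplete)        em1   expired
198.51.100.7    00:00:5e:00:53:77   em0   5m
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\b")


def norm_mac(mac):
    """Normalise a MAC to lower-case, zero-padded octets."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def static_arp_entries(network, assigned, sink_mac, router_ips=()):
    """Return one 'ip mac permanent' line for every host address."""
    lines = []
    for host in network.hosts():
        ip = str(host)
        if ip in router_ips:
            continue  # the router's own address needs no ARP entry
        mac = norm_mac(assigned.get(ip, sink_mac))
        lines.append(f"{ip} {mac} permanent")
    return lines


def parse_arp(text):
    """Yield (ip, mac) pairs; lines lacking either field are skipped."""
    for line in text.splitlines():
        ip_m, mac_m = IP_RE.search(line), MAC_RE.search(line)
        if ip_m and mac_m:
            yield ip_m.group(1), norm_mac(mac_m.group(1))


def audit(arp_text, network, assigned):
    """Return (ip, mac, reason) for every entry that breaks provisioning."""
    owners = {norm_mac(mac): ip for ip, mac in assigned.items()}
    findings = []
    for ip, mac in parse_arp(arp_text):
        try:
            if ipaddress.ip_address(ip) not in network:
                continue  # not one of our customer addresses
        except ValueError:
            continue      # looked like an address but is not one
        expected = assigned.get(ip)
        if expected is None:
            # Map the MAC back to a customer to see who took the address.
            who = owners.get(mac, "unknown device")
            findings.append((ip, mac, f"unassigned address in use by {who}"))
        elif norm_mac(expected) != mac:
            findings.append((ip, mac, "MAC differs from provisioned one"))
    return findings


if __name__ == "__main__":
    # Write the entries to a file and load it on the router with `arp -f`.
    for entry in static_arp_entries(NETWORK, ASSIGNED, SINK_MAC,
                                    router_ips=("203.0.113.1",)):
        print(entry)
    for finding in audit(OBSERVED, NETWORK, ASSIGNED):
        print("ALERT", *finding)
```

As the reply notes, this does not stop a customer who also clones a provisioned MAC; the audit only catches address changes made without one.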
Re: Time management under QEMU-KVM
Hi,

Does NTPd support "tinker panic 0" as the Linux one?

On 14 September 2017 at 12:46, Joel Wirāmu Pauling <aener...@aenertia.net> wrote:

> Run NTPd on the hypervisor and NTP client in VM. Run ntpdate at boot before
> starting NTPd on the client to ensure the stepping is not too far off
> first.
>
> On 14 Sep. 2017 11:35 pm, "Aaron Marcher" <m...@drkhsh.at> wrote:
>
> Hi all,
>
> I have a weird problem on my OpenBSD server. It is a virtualized guest
> under QEMU-KVM. Apparently time management is completely off. With HPET and
> normal HW-clock the command "time sleep 1" shows a little bit more than a
> second after a fresh boot. After a few hours the result is about 10
> seconds. Additionally the clock drifts slowly. The problem is on OpenBSD
> 6.1 with all syspatches applied.
> Does anybody know how to fix the problem?
> Thank you very much in advance!
>
> Regards,
> Aaron Marcher
>
> --
> Web: https://drkhsh.at/ or http://drkhsh5rv6pnahas.onion/
> Gopher: gopher://drkhsh.at or gopher://drkhsh5rv6pnahas.onion
> GPG: 0x09e71697435bf54b
> Fingerprint: 57D2 5F2C 9402 A6BD FEF9 B3B6 09E7 1697 435B F54B

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Banana-Pi R2
Hi,

I once booted NetBSD in my Banana Pi/Lamobo R1, which is a similar machine from "the same manufacturer"; the bigger problem is that outside Linux, there is no support for the Broadcom switching chipset.

Regards,
Rui Ribeiro

On 6 September 2017 at 19:09, Holger Glaess <gla...@glaessixs.de> wrote:

> hi
>
> it is possible to boot / install openbsd on the new
>
> Banana Pi Router 2 Board ?
>
> for more details take a look
>
> http://www.banana-pi.org/r2.html
>
> holger

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Access old PPTP behind OpenBSD 6.1
Be just careful that some operating systems already discontinued PPTP a few in the server side, and also in the client implementation, notably from iOS 10 and macOS Sierra, it is no longer supported.

https://support.apple.com/en-us/HT206844

On 5 September 2017 at 07:36, lilit-aibolit <lilit-aibo...@mail.ru> wrote:

> You need to have redirect rule to PPTP server for GRE protocol.
>
> However you'll have only one vpn session at same time.
>
> On 05/09/17 08:06, Lars Bonnesen wrote:
>
>> Yes... I know... Don't run MS PPTP and that is why I am implementing
>> OpenBSD.
>>
>> Until OpenVPN is fully installed on every client, I need to provide
>> access
>> to PPTP during transition.
>>
>> I don't know what to use in pf.conf though. I have tried everything that I
>> find logical.
>>
>> In sysctl.conf I have added:
>>
>> net.inet.gre.allow=1
>> net.inet.gre.wccp=1
>> net.inet.mobileip.allow=1
>>
>> Lets say that openBSD public IP is 1.2.3.4 local IP 10.77.1.2 and LAN is
>> 10.77.1.0/24 - PPTP server is 10.77.1.106
>>
>> How would my PPTP lines look in pf.conf?
>>
>> Help is greatly appreciated.
>>
>> Regards, Lars.

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Lenovo notebook: random lockups with 6.2 beta
Hi,

Trying to use OpenBSD with 6.2 beta with a Lenovo Ideapad 14'' IBR-14'' Intel Celeron CPU N3060 @ 1.60GHz, 32GB SSD, 4GB RAM, based in the Broadwell chipset; however I am having random lockups when using Firefox under xorg i3 or Lumina.

uname -a
OpenBSD 6.2-beta (GENERIC.MP) 50... Aug 27

I initially suspected it might be apmd, and already tried with or without it. I am led to suspect it is the recent patches to the Intel i950 that are creating the instability.

To prove, or rule out that possibility I also tried to use wsfb as was doing with 6.1, https://unix.stackexchange.com/questions/370074/using-xorg-in-a-lenovo-ideapad , however it is returning an error about an invalid ioctl.

Would you recommend a different approach?

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Pinebook (if anyones up for it)
The pinebook is reportedly neither well engineered and there are non-confirmed rumours it also does not have a reliable system/developer team. The future of their support appears to be no better than your regular off-the-mill Chinese no-name boards. Whilst the idea on paper sounds good, I would stay away from it.

On 14 August 2017 at 13:27, <ti...@openmailbox.org> wrote:

> Hi Alex,
>
> Probably the most sensitive spot will be implementing proper Mali chip
> graphics support for X.
>
> See this post: http://marc.info/?l=openbsd-arm=150069580728434=2 .
>
> As I understand it, someone implemented an unaccelerated, blob-free
> graphics driver for the Mali.
>
> There's more ARM laptops out there, for instance the Samsung Chromebook
> Plus.
>
> Tinker
>
> > Hello,
> >
> > there is one enthusiast, who wants to make it possible:
> > http://openbsd-archive.7691.n7.nabble.com/Working-on-support-for-Pinebook-td318562.html
> >
> > I don't know the current state, but I also have a Pinebook and would
> > like to run OpenBSD on it.
> >
> > Some info you can find there: https://www.openbsd.org/arm64.html
> > ==
> > The Pine64 currently requires an image based on a non-redistributable
> > boot0 file from Allwinner to be installed on the system disk. This
> > will hopefully be resolved by a replacement in a future U-Boot
> > release. The install media does not include these boot images or a
> > Pine64 device tree. For similar reasons we do not provide install
> > media for the Firefly-RK3399 either.
> > ==
> >
> > So, it seems that it's impossible yet.
> >
> > Cheers,
> > Alex
> >
> > On Sun, May 14, 2017 at 12:19 PM, Christer Solskogen
> > <christer.solsko...@gmail.com> wrote:
> >> On Sat, May 13, 2017 at 11:43 PM, Andrew Gwozdziewycz <m...@apgwoz.com> wrote:
> >>
> >>> My understanding is that there is some support for the Pine64 platform,
> >>> though it requires access to the pins to get a serial console. I haven't
> >>> opened mine up yet, but I assume it's a Pine64, on a different footprint
> >>> PCB. Though... I have no idea about any other IO pins...
> >>>
> >>
> >> And that's why I offered to buy one to an OpenBSD developer :-)

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: gmail and hotmail blocking mail sent from my IP
There were even customized ports of Qmail in the past that had options that could easily be enabled to downright refuse email from email hosts not matching A/PTR or HELO...not exactly good citizenship

Cheers

On 11 August 2017 at 10:49, Craig Skinner <skin...@britvault.co.uk> wrote:

> On Thu, 10 Aug 2017 17:18:45 Stuart Henderson wrote:
> > You can't expect to reliably deliver email unless you have a PTR
> > record and an A/ record (at least within the same domain, though
> > in some cases the full hostname needs to match).
>
> Yes - matching DNS PTR/A records, and HELO hostname generally seem to be
> ranked higher for delivery than the SPF/DMARC/DKIM/etc optional extras.
>
> Cheers,
> --
> Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
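The PTR/A/HELO matching discussed in the message above, as an added example (not code from the thread, from Qmail or from any mail server named in it). The zone data and host names are constructed, and the accept/suspect/reject policy is an assumption chosen for illustration; real receivers weigh these signals differently.

```python
"""Added example: forward-confirmed reverse DNS and HELO consistency check."""
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []


def system_addrs(name):
    """Addresses for name via the system resolver (empty list if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def norm_name(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def resolves_to(name, ip, addr_lookup):
    """True if one of name's addresses equals ip (compared numerically)."""
    target = ipaddress.ip_address(ip)
    for addr in addr_lookup(name):
        try:
            if ipaddress.ip_address(addr) == target:
                return True
        except ValueError:
            continue  # e.g. a scoped IPv6 literal the module cannot parse
    return False


def check_sender(ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, reasons) for a connecting SMTP client.

    Assumed policy: 'reject' without forward-confirmed reverse DNS,
    'suspect' when only the HELO name is inconsistent, else 'accept'.
    """
    reasons = []
    ptr_names = [norm_name(n) for n in ptr_lookup(ip)]
    confirmed = [n for n in ptr_names if resolves_to(n, ip, addr_lookup)]
    if not ptr_names:
        reasons.append("no PTR record for client address")
    elif not confirmed:
        reasons.append("PTR name does not resolve back to client address")

    helo_name = norm_name(helo)
    if not resolves_to(helo_name, ip, addr_lookup):
        reasons.append("HELO name does not resolve to client address")
    elif confirmed and helo_name not in confirmed:
        reasons.append("HELO name differs from PTR name")

    if not confirmed:
        return "reject", reasons
    return ("suspect" if reasons else "accept"), reasons


# Constructed zone data so the example runs offline.
PTR_ZONE = {
    "192.0.2.25": ["mail.example.org."],        # properly delegated server
    "198.51.100.77": ["77.dyn.isp.example."],   # generic ISP PTR at home
    "203.0.113.9": ["mail.example.org."],       # PTR claims someone else
}
A_ZONE = {
    "mail.example.org": ["192.0.2.25"],
    "77.dyn.isp.example": ["198.51.100.77"],
    "home.example.net": ["198.51.100.77"],
}


def zone_ptr(ip):
    return PTR_ZONE.get(ip, [])


def zone_addrs(name):
    return A_ZONE.get(norm_name(name), [])


if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mail.example.org"),
                     ("198.51.100.77", "home.example.net"),
                     ("203.0.113.5", "mail.example.org"),
                     ("203.0.113.9", "mail.example.org")]:
        print(ip, helo, check_sender(ip, helo, zone_ptr, zone_addrs))
```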
Re: gmail and hotmail blocking mail sent from my IP
An email server in a residential setting will fail PTR unless you are working with a medium sized/an ISP that cares about their customers.

see answer here https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config

On 9 August 2017 at 23:34, Rupert Gallagher <r...@protonmail.com> wrote:

> The dns still fails RFC1912 (ptr).
>
> Sent from ProtonMail Mobile
>
> On Wed, Aug 9, 2017 at 6:39 PM, Walter Alejandro Iglesias <w...@roquesor.com> wrote:
>
> > Hello Rupert, In article you wrote:
> > https://www.dnsinspect.com/roquesor.com/10171765
> > Try the link again. The reason it showed false results was because
> > dnsinspect.com IP was blocked in my pf firewall. I have a script to
> > detect hacking attempts in my port 25 and block those IPs automatically.
> > Thanks for your help anyways. And sorry if I didn't answer you before.

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: gmail and hotmail blocking mail sent from my IP
I would advise not assuming the email ISP will forward blindly all the email it gets.

Back then years ago I ran an ISP, and the strangest support call I ever got was a competitor buying a modem of ours, and escalating a support call our email server was not forwarding *their* email.

C: Well, our main server queue is full of messages and spam, and we just pointed our email server to yours to alleviate it...and it does not go through

ME: You know our central email server besides having anti-spam and grey listing, only forwards our own domain, right? (we had other email servers for corner cases, but even then it would not fit their...special case)

On 8 August 2017 at 22:39, Kevin Chadwick <m8il1i...@gmail.com> wrote:

> I understand that given everyone uses gmail, hotmail or mail provided by
> some multinational hosting service they assume mail coming from
> residential connections cannot be other thing but spam sent from hacked
> machines. But someone paying for a static IP in a residential
> connection is the opposite case. When you have to deal with thousands
> of users you resort to any trick you find on the Internet and start to
> blindly blacklist all; this is a big servers problem. And the more
> users you have to deal with the worse. On the contrary, from my part, I
> have just a pair of personal addresses, so it's not a big deal for me to
> audit my server and use more sane, less harmful and, overall, more
> effective measures to filter spam and to prevent spam be sent from my
> machine. And I think this is the direction everyone should point to
> instead of resting day after day more and more on big companies for
> everything. In general, everyone should tend to decentralize instead of
> monopolize. The real problem is the passive attitude most people assume
> in the use of the Internet (and life in general but I don't want to bore
> you with cheap philosophy. :-))
>
> Regards,
>
> Thank you for your advice.
>
> +1, way more spam comes from universities and enterprise machines than
> residential static ips with PTR records. It is not your error to fix.
>
> BTW Microsoft have their own SPF sign up thing but if I recall it was too
> much hassle and maybe pay for.
>
> Keep ignoring those that suggest using your ISP, why would you send *all*
> your mail through a likely untrustworthy mail system.
>
> Just accept that hotmail users often fish mail out of spam because the big
> mail systems are crappy.

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Lenovo T440s
SunplusIT INC.
> Integrated Camera" rev 2.00/26.03 addr 4
> video0 at uvideo0
> uhub2 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching
> Hub" rev 2.00/0.04 addr 2
> scsibus2 at sdmmc0: 2 targets, initiator 0
> sd1 at scsibus2 targ 1 lun 0: SCSI2 0/direct
> removable
> sd1: 7580MB, 512 bytes/sector, 15523840 sectors
> uhidev0 at uhub2 port 5 configuration 1 interface 0 "ELAN Touchscreen" rev
> 2.00/0.12 addr 3
> uhidev0: iclass 3/0, 68 report ids
> ums0 at uhidev0 reportid 1: 1 button, tip
> wsmouse2 at ums0 mux 0
> uhid0 at uhidev0 reportid 2: input=64, output=0, feature=0
> uhid1 at uhidev0 reportid 3: input=0, output=31, feature=0
> uhid2 at uhidev0 reportid 4: input=19, output=0, feature=0
> uhid3 at uhidev0 reportid 10: input=0, output=0, feature=1
> ums1 at uhidev0 reportid 68
> ums1: mouse has no X report
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> softraid0: sd2 was not shutdown properly
> sd2 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct
> fixed
> sd2: 244190MB, 512 bytes/sector, 500102858 sectors
> root on sd2a (2bfba486a7c923a2.a) swap on sd2b dump on sd2b
> WARNING: / was not properly unmounted
> iwm0: hw rev 0x140, fw ver 16.242414.0, address e8:2a:ea:56:4e:47

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Split zone DNS?
Hi,

In large scenarios, they might have an advantage in having the same domain inside and outside, which is when accessing services behind NAT addresses, you can serve the private address internally. In that way, you do not need to go to firewall and back to the private network to translate that NAT.

Regards

On 28 July 2017 at 15:23, Claer <cl...@claer.hammock.fr> wrote:

> On Fri, Jul 28 2017 at 58:07, Steve Williams wrote:
> > Hi,
> Hello,
>
> > I recently upgraded to 6.1 and am trying to (finally, after many OpenBSD
> > versions over 10 years) fine tune my home network.
> >
> > I would like to run a local resolver on my internal network that will
> > resolve all my hosts on my local network to IP addresses on my local
> > network(s) rather than resolving to their public IP addresses.
> >
> > I believe it's called a "split zone" DNS, where my domain is resolved
> > locally, but everyone else is resolved using normal resolution processes.
> >
> > I set this up at one of my previous jobs using BIND, but that was 7 years
> > ago. I've never gone to the trouble of doing it at home, but I would like
> > to exercise my brain a bit as well as having my home network set up
> > "better".
> >
> > What is the best tool to accomplish this these days? Is NSD the "modern"
> > tool to be using on OpenBSD?
> I went for nsd for external domain informations and Unbound for local
> cache and local resolutions override.
>
> bind was a DNS resolver and a forwarder at the same time. If you want
> both options, you need to setup NSD and Unbound.
>
> Unbound alone can do the trick for few records, but I found it easier to
> have a dedicated resolver in case I wanted to sync zones with a slave.
>
> > Are there any hooks for dhcpd to update records?
> Dunno, I use static MAC - IP mapping.
>
> > I've read the NSD(8), nsd.conf(5) man pages and that seems to be the way to
> > go, but I thought I'd check the wisdom here to see if there is a better
> > approach.
> As said, just pay attention that nsd is a resolver only.
>
> > Thanks,
> > Steve Williams
>
> Nowadays, I try to avoid using the same domain for internal and
> external. From my ops point of view, having a domain.local and a
> domain.ext is easier to maintain.
>
> Regards,
>
> Claer

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: octeon port, ubiquity edgerouter
I also migrated a TP-Link with proprietary acceleration to OpenWRT. But then tweaked it, and on the plus side, put a *BSD* box/router in front of it doing NAT, which is what the acceleration was for.

As usual, you cannot expect deploying a system, namely a *wrt/Linux system in a machine with limited resources, and not tweaking it/disabling things for better performance. I am very satisfied with the results.

Plus, I do not feel comfortable on having a proprietary system+proprietary blobs facing the Internet, and with irregular or nonexistent security updates.

On 26 July 2017 at 02:59, Sean Murphy <s.pat.mu...@gmail.com> wrote:

> >> People are willing to take an unknown (right now) performance penalty
> >> to run openBSD on it and with pf.
>
> When I was using my ERL as primary gateway, I found that my network
> performed better than it did with the dd-wrt based router I was using
> previously. Everything was more stable, easier to keep track of what
> was going on, and my work VPN was faster to connect and performed
> tremendously. Anyone talking about a "performance penalty" is missing
> the point.

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: usb RTC, was Re: octeon port, ubiquity edgerouter
I have bought already a couple of DS3231 at aliexpress, battery included and they cost around 1USD

On 23 July 2017 at 07:50, Rupert Gallagher <r...@protonmail.com> wrote:

> Dirty cheap.
> https://www.adafruit.com/product/3013
> Sent from ProtonMail Mobile
>
> On Sat, Jul 22, 2017 at 8:33 PM, gwes <g...@oat.com> wrote:
>
> > On 07/22/17 12:10, Theo de Raadt wrote:
> > > I'd really like if someone could find a USB RTC clock, which is a viable
> > > affordable product which we can then create good support for. I've searched
> > > and found a few prototypes and 'licence key' products, but nothing readily
> > > available which we could support & encourage as a solution for the RTC
> > > problem.
> >
> > What kind of packaging, fit & finish, and price would be acceptable? For
> > example: A commodity microcontroller on a tiny PCB, a Dallas Semi RTC on
> > another tiny commodity PCB and a lithium coin cell in a 4cm x 6cm x 2cm
> > commodity box could be professionally assembled and sold in unit quantities
> > in a month for $50. Accuracy limit is the 32Khz crystal. Temperature
> > compensation to match the standard quartz curves in the ucode. Burn-in and
> > trimming to a few PPM would add maybe $5. The same parts on a single PCB in
> > a slightly smaller box might take three months, an expected sale quantity
> > of 50, and sell for $30. USB stick size, etc. - I'm sure you can
> > extrapolate from there.
> >
> > Geoff Steckel

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: How do you do "family remote support"?
"I don't do Windows!" works pretty well...

On 12 July 2017 at 05:56, Rupert Gallagher <r...@protonmail.com> wrote:

> Never heard of port mapping on modem/routers?
> Sent from ProtonMail Mobile
>
> On Tue, Jul 11, 2017 at 11:33 PM, Kurt H Maier <k...@sciops.net> wrote:
>
> > On Tue, Jul 11, 2017 at 05:22:29PM -0400, Rupert Gallagher wrote:
> > > Never heard of whatismyip.org?
> > > Sent from ProtonMail Mobile
> >
> > Never heard of NAT?
> > Sent from QMail Stationary

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Tor Relay
Sorry, link here

https://unix.stackexchange.com/questions/327804/how-to-create-a-darknet-tor-web-site-in-linux/327805

On 25 June 2017 at 17:33, Rui Ribeiro <ruyrybe...@gmail.com> wrote:

> While not answering your question, this related post and links should be
> useful, I hope.
>
> Regards
>
> On 25 June 2017 at 16:39, nicehat <ca...@protonmail.com> wrote:
>
>> I'm looking for some good links on setting up a OBSD based Tor relay.
>> I had a few good ones but they have since gone into hiding.
>> Anyone with some experience/tips would be helpful
>> Regards
>> Happy Camper
>>
>> Sent with [ProtonMail](https://protonmail.com) Secure Email.
>
> --
> Regards,
>
> --
> Rui Ribeiro
> Senior Linux Architect and Network Administrator
> ISCTE-IUL
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Tor Relay
While not answering your question, this related post and links should be useful, I hope.

Regards

On 25 June 2017 at 16:39, nicehat <ca...@protonmail.com> wrote:

> I'm looking for some good links on setting up a OBSD based Tor relay.
> I had a few good ones but they have since gone into hiding.
> Anyone with some experience/tips would be helpful
> Regards
> Happy Camper
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Contract Management - Drafting and Administration
Please delete this spammer. This is publicity in my mother tongue.

2017-06-21 15:30 GMT+01:00 Fabio Pereira <fabio.barb...@multicursos.com.br>:

> CONTRACT MANAGEMENT
>
> BEST PRACTICES, RULES AND CONTRACTING MODELS
>
> 18 July 2017 - São Paulo-SP
>
> How to manage contracts in light of the current economic context, take
> concrete steps to minimize negative effects and optimize results.
>
> Main topics to be covered
>
> • Drafting efficient contracts
>
> • How to structure a contracts department
>
> • Measuring the results and actual gains from implementing
> Contract Management programs
>
> • Relationships and crisis situations between contracting parties
>
> • Cost reduction in service contracts or product supply
>
> For more information and registration, get in touch!
>
> Fabio Barbosa
>
> 11 4105-3904
>
> 11 98661-6822
>
> fabio.barb...@multicursos.com.br mailto:fabio.barb...@multicursos.com.br
>
> No longer wish to receive our messages? Follow this link [unsubscribe
> https://u5033597.ct.sendgrid.net/asm/unsubscribe/?user_id=5033597]

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: DNS hijacking (was Re: Is this an intrusion?)
Hi,

Depending on how "evil" the ISP is, or how you want to obfuscate your metadata, you might want to have a look at dnscrypt

https://blog.ipredator.se/openbsd-dnscrypt-howto.html

On 18 June 2017 at 10:59, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2017-06-17, Paul Suh <pl...@goodeast.com> wrote:
> > Folks,
> >
> > My understanding of the way that this is done is by returning a CNAME
> > when the ISP's DNS recursive DNS server would otherwise return a
> > NXDOMAIN result, followed by a HTTP 302 when the browser attempts to
> > reach the host via the bogus CNAME.
> >
> > My question is would running my own internal recursive DNS resolver be
> > sufficient to stop this from happening? (I run my own DNS server anyway,
> > but I'm curious to see whether it would be sufficient to bypass the
> > search page redirection stupidity.)
>
> Usually that's enough, but it depends how evil the ISP is.

--
Regards,
--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
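
The NXDOMAIN rewriting described in the quoted message above can be checked from the client side. The following Python code is an added example, not part of the thread: it asks a resolver for a random name that should not exist and reports whether the reply is an honest NXDOMAIN or carries answer records such as the CNAME mentioned above. The function names and the default `zone="com"` are assumptions made for this example, and the HTTP 302 step is not covered.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """Encode a recursive A query for `name` (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(pkt, off):
    """Return the offset just past a possibly compressed domain name."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + length

def classify_response(pkt, txid):
    """Classify a reply to a query for a name that should not exist."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction or not a response
        return "invalid", []
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # QTYPE + QCLASS
    types = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        types.append(rtype)  # 5 = CNAME, 1 = A
        off += 10 + rdlen
    rcode = flags & 0x000F
    if rcode == 3 and not types:
        return "nxdomain", types
    if rcode == 0 and types:
        return "rewritten", types  # answers for a name that cannot exist
    return "other", types

def probe(resolver_ip, zone="com", timeout=3.0):
    """Query `resolver_ip` for a random label under `zone` (assumed default)."""
    txid = secrets.randbits(16)
    name = f"{secrets.token_hex(12)}.{zone}"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        reply, _ = s.recvfrom(4096)
    return classify_response(reply, txid)
```

Running `probe()` against both the ISP's resolver and a locally run recursive resolver shows whether the rewriting happens at the resolver or further along the path.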