Re: i386 -current Sloppy source-track Breaks?

Hi Misc@, I noticed that this ICMP traffic always gets a bad checksum leaving the router. sample: on routerA(accessRouter) $ ping 203.190.abc.xyz PING 203.190.abc.xyz: 56 data bytes 64 bytes from 203.190.abc.xyz: icmp_seq=0 ttl=58 time=6.215 ms 64 bytes from

Re: Load balancing and fail-over

Route lookups are based on the *destination* address not the source address, you could add a route for a certain destination via a certain interface to send packets out that way. Hmm. that sounds good to me. Since I have 2 interfaces for 2 different WAN connections. It is possible to add

Re: Watchdog timeout reset in 5.1 on intel nic:s

On Fri, May 11, 2012 at 09:13:30AM -0400, Simon Perreault wrote: On 2012-05-11 04:15, Garry Dolley wrote: I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts. That's expected. 5.0 has been running without issue for me for a

Re: Load balancing and fail-over

On 2012/05/17 13:20, Indunil Jayasooriya wrote: Route lookups are based on the *destination* address not the source address, you could add a route for a certain destination via a certain interface to send packets out that way. Hmm. that sounds good to me. Since I have 2

Re: trunk0 with dual stack

Thank you very much for explanations. It works very good. Thank you, Bogdan From: Stuart Henderson s...@spacehopper.org To: misc@openbsd.org Sent: Wednesday, May 16, 2012 6:08 PM Subject: Re: trunk0 with dual stack On 2012-05-16, Bogdan Andu bo...@yahoo.com

Re: Load balancing and fail-over

hi why you not try the relayd way ? look at http://gouloum.fr/doc/multilink.html the part with relayd holger On 2012/05/17 13:20, Indunil Jayasooriya wrote: Route lookups are based on the *destination* address not the source address, you could add a route for a certain destination

Re: Load balancing and fail-over

why you not try the relayd way ? look at http://gouloum.fr/doc/multilink.html the part with relayd holger On 2012/05/17 13:20, Indunil Jayasooriya wrote: Route lookups are based on the *destination* address not the source address, you could add a route for a

Re: Watchdog timeout reset in 5.1 on intel nic:s

On Fri, May 11, 2012 at 09:13:30AM -0400, Simon Perreault wrote: On 2012-05-11 04:15, Garry Dolley wrote: I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts. That's expected. 5.0 has been running without issue for me for a

Re: Load balancing and fail-over

why you not try the relayd way ? look at http://gouloum.fr/doc/multilink.html the part with relayd I found that URL yesterday, I will have to learn it. I just try to do it with a shell script. anyway, Thanks a lot. -- Thank you Indunil Jayasooriya

Re: Load balancing and fail-over

No, your script or ifstated config will need to adjust this rule, you can do this by using a macro to write the rule, something like this: GATEWAYS=1.1.1.1@em0 2.2.2.2@em1 pass in on $int_if from $lan_net route-to { $GATEWAYS } This helps because you can override the macro on the pfctl

Re: Watchdog timeout reset in 5.1 on intel nic:s

On Thu, May 17, 2012 at 03:19:07AM -0700, Garry Dolley wrote: On Fri, May 11, 2012 at 09:13:30AM -0400, Simon Perreault wrote: On 2012-05-11 04:15, Garry Dolley wrote: I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts.

IPs in the facebook.com domain accessing OpenSBD firewall

Hi, This traffic is blocked on the external interface of the firewall. May 17 11:34:56.013614 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58106 NS? . (19) May 17 11:34:56.763086 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58107 NS? .

Re: greylisting and blacklisting rules in pf.conf

ager39...@mypacks.net writes: What rules should I have in pf.conf for both greylisting and blacklisting? I'd like to blacklist those site that got spam through the greylisting. Unless you explicitly start spamd in blacklisting-only mode, it will greylist. The spamd related rules I have in

Re: IPs in the facebook.com domain accessing OpenSBD firewall

Most likely that someone posted a link to a resource in your domain, and your DNS appears to be an authoritative for that zone. Sounds quite realistic. There on facebook might be some kind of parser trying to retreive a preview for the link or something similar... Anyway, have a look at the DNS

Re: IPs in the facebook.com domain accessing OpenSBD firewall

I wonder if these machines in the facebook.com domain are infected with some malware bots? Facebook *is* a malware bot:) Let the request through and log what it tries to do next, this could be quite a story. -- p

Re: IPs in the facebook.com domain accessing OpenSBD firewall

Didn't take into account that you do not publish the DNS. That fact makes my assumption wrong. Really, go and log the requests! =) 17.05.2012 15:50, Siju George P=P0P?P8Q
P0P;: This traffic is blocked on the external interface of the firewall. -- Best regards, Pavel Shvagirev skype:

Re: IPs in the facebook.com domain accessing OpenSBD firewall

http://meetings.ripe.net/ripe-52/presentations/ripe52-plenary-dnsamp.pdf

Unuseful error message in BIND 9.4.2-P2

I am putting up OpenBSD 5.1 for the first time and I am getting May 17 11:36:59 mail named[6539]: starting BIND 9.4.2-P2 May 17 11:37:00 mail named[6539]: command channel listening on 127.0.0.1#953 May 17 11:37:00 mail named[6539]: running May 17 11:37:00 mail named[6539]:

Re: authorized_keys and security(8)

Hi Chris, Chris Cappuccio wrote on Thu, May 03, 2012 at 09:31:55PM -0700: Mike Erdely [m...@erdelynet.com] wrote: FYI: For a test, I added foo with useradd(8) and bar with adduser(8): # grep -E (foo|bar) /etc/master.passwd foo:*:1002:1002::0:0::/home/foo:/bin/ksh

Re: update http://www.openbsdsupport.org/

Hi, Daniel, maybe you should pass over natural instinct of being associated with a good thing and change the domain name and the layout of the site. As it is now, it will look like OpenBSD mantained site for a beginner. Just a tought, nothing personal.

Re: update http://www.openbsdsupport.org/

Le 2012-05-17 22:41, Mihai Popescu a C)critB : Hi, Daniel, maybe you should pass over natural instinct of being associated with a good thing and change the domain name and the layout of the site. As it is now, it will look like OpenBSD mantained site for a beginner. Just a tought, nothing

Les nouvelles / Chien A Plumes - 2.3.4.5 Aout - LANGRES

FESTIVAL LE CHIEN A PLUMES /// 2.3.4.5 AOUT 2012 LANGRES - Lac de Villegusien - 52 QUOI DE NEUF ?? Au chien ` plumes ... _ ___ GROUNDATION REJOINT LA PROGRAMMATION DU JEUDI 2 AOUT !! Les

PHP APC installation problem on OBSD 5.0

Hi all, I am trying to install the APC extension for PHP on my OBSD server. Steps taken: pkg_add pecl-APC-3.1.7p0.tgz which works fine When I use pkg_info to check, it tells me to create a symbolic link from /etc/php-${PV}.sample/${MODULE_NAME}.ini to /etc/php-${PV}/${MODULE_NAME}.ini however,

Re: Re : Error while copying data from another disk

cp: /mnt/oldhome/xxx/Virtualisation/QEmu/FreeBSD/doc/doc.gd: Bad file descriptor Why are you usign cp? Why don't you dump | restore?

carp mixed states

hi still looking for an answer to the following question hi all have configured two firewalls with carp i have connectivity to the internet and the firewalls failover properly. when i check the carp states of each firewall the slave reports that its wan connection is in the master state the same

5.1 is shipping = maybe a little relaxing time for The Man

May 19: Happy Birthday, Theo! *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not

Re: IPs in the facebook.com domain accessing OpenSBD firewall

On Thu, May 17, 2012 at 7:31 PM, Jonathan Gray j...@jsg.id.au wrote: http://meetings.ripe.net/ripe-52/presentations/ripe52-plenary-dnsamp.pdf Thankyou so much :-) Siju