Re: know any neat tricks for 2 * dhclient?

2005-10-27 Thread Sebastian Benoit
sending this packet out through that interface, it can't send it out on all other interfaces. /Benno -- Sebastian Benoit [EMAIL PROTECTED] My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ GnuPG 0xD777DBA7 2003-09-10 D02B D0E0 3790 1AA1 DA3A B508 BF48 87BF D777 DBA7

ADSL with german t-online

2005-07-11 Thread Sebastian Benoit
queue [... and more of the same ...] I am starting pppd this way: # cat /etc/hostname.tun0 !/usr/sbin/ppp -ddial -unit 0 pppoe Any ideas what the problem might be? note: i also tried using kernel pppoe when setting up the system, but that did not work at all. Benno -- Sebastian Benoit [EMAIL

Re: ADSL with german t-online [SOLVED]

2005-07-11 Thread Sebastian Benoit
disable acfcomp protocomp ipv6cp The solution was to add disable ipv6cp. Thanks to Stefan and Alex, /Benno -- Sebastian Benoit [EMAIL PROTECTED] My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ GnuPG 0xD777DBA7 2003-09-10 D02B D0E0 3790 1AA1 DA3A B508 BF48 87BF

Re: mpt driver and Intel SE7520JR2 board

2006-02-06 Thread Sebastian Benoit
. - system works with FreeBSD, with mirrored SCSI disks and without. - system works with Linux, without mirror, not tested with. complete dmesg attached. /Benno -- Sebastian Benoit [EMAIL PROTECTED] My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ GnuPG 0xD777DBA7 2003-09-10

Re: pfctl Cannot allocate memory

2007-04-13 Thread Sebastian Benoit
I want to load about 5mln of IP addresses to pf table for spamd,and I get pfctl Cannot allocate memory. You have to increase the max number of table entries with set limit table-entries num in pf.conf. /B. -- Sebastian Benoit [EMAIL PROTECTED]

Re: Prevent circumventing dansguardian with pf

2007-05-04 Thread Sebastian Benoit
sort of packet to the outside world, he can send almost any information. If you want to deny users the possibility to smuggle data outside of their workplace (or whatever) then don't connect them to the internet. /Benno -- Sebastian Benoit [EMAIL PROTECTED] There are no good wars

Re: Preventing man-in-the-middle attack on authpf?

2007-05-08 Thread Sebastian Benoit
. -- Sebastian Benoit [EMAIL PROTECTED]

Re: Rename multiple files at once

2007-06-27 Thread Sebastian Benoit
file1_thumb.jpg file_2_thumb.jpg you could then do rename 's/\.jpg/_thumb.jpg/' file.jpg file1.jpg file_2.jpg The first argument of this rename command can be any valid perl expression :-) /B. -- Sebastian Benoit [EMAIL PROTECTED] Gegen Krisen kann keiner was! Unverrückbar über uns; Stehen

Re: Via EPIA boards

2006-04-20 Thread Sebastian Benoit
selector tool on crucial.com lists non-ecc memory only. The new CX700 chipset supports ECC memory: http://www.via.com.tw/en/products/chipsets/c-series/cx700/ /B. -- Sebastian Benoit [EMAIL PROTECTED] Religion is for people who believe in hell; spirituality is for people who've been

Re: Problem with dhcpd

2006-07-04 Thread Sebastian Benoit
. -- Sebastian Benoit [EMAIL PROTECTED] If mass-email wouldn't work, you woudn't be reading this! -- found in spam-email

Re: scrub reassemble tcp and nat causes problems with some sites

2006-07-19 Thread Sebastian Benoit
Walter Haidinger([EMAIL PROTECTED]) on 2006.07.19 12:28:52 +: Hi! I'm running OpenBSD 3.9 GENERIC as a NAT router. If I add the reassemble tcp option to my scrub rule in pf.conf, I have trouble connecting to some sites, particularly ebay (ebay.de, ebay.at and ebay.com as well as e.g.

Re: currently opened file descriptors

2006-08-04 Thread Sebastian Benoit
Stephan A. Rickauer([EMAIL PROTECTED]) on 2006.08.04 09:20:09 +: How can one list the number of file descriptors a shell and any processes created by that shell are currently opened? fstat (1) /B.

Re: authpf for console users

2006-12-04 Thread Sebastian Benoit
Peter Matulis([EMAIL PROTECTED]) on 2006.12.03 23:08:13 +: I am running 3.9 and 4.0 systems. From what I see, I cannot use authpf for users who have interactive shells. This seems very limiting. It's a shell after all. Is there any workaround? My idea is to load certain rules I need

Re: Looping in ksh

2006-12-20 Thread Sebastian Benoit
Uwe Dippel([EMAIL PROTECTED]) on 2006.12.20 18:43:35 +: I needed some little script; and - as usual - tried it out by typing: ^^! #!/bin/sh ^^! Question: What is missing in the loop ? nothing, your shell is ksh, not sh. /B. -- Sebastian Benoit [EMAIL PROTECTED]

Re: dhclient -current

2007-01-08 Thread Sebastian Benoit
than buffer. rejecting bogus offer. /B. -- Sebastian Benoit [EMAIL PROTECTED]

Re: mixed (compile from source, binary update) approach

2007-01-17 Thread Sebastian Benoit
and it would perhaps make binary updates easier because only parts of the OS would have to be updated. You can update parts of the OS right now: see the instructions in every patch-file on http://www.openbsd.org/errata.html /Benno -- Sebastian Benoit [EMAIL PROTECTED]

Re: web sites not accessible

2007-02-11 Thread Sebastian Benoit
Gustavo Rios([EMAIL PROTECTED]) on 2007.02.11 12:55:14 +: Thanks, but i am using kernel pppoe! How can it be changed? see the manpage pppoe(4) in section MTU/MSS ISSUES /Benno -- Sebastian Benoit [EMAIL PROTECTED]

pf: BAD state messages

2011-08-19 Thread Sebastian Benoit
(pfsync bulk start) pfsync: requesting bulk update pfsync: received bulk update start pfsync: pfsync_input: PFSYNC_ACT_UPD: invalid value pfsync: pfsync_input: PFSYNC_ACT_UPD: invalid value -- Sebastian Benoit benoit-li...@fb12.de

net-snmptrapd problem with traps from OpenSNMPD

2009-08-25 Thread Sebastian Benoit
Hi, i am trying to receive snmp traps generated by relayd and sent via snmpd to a host running net-snmp snmptrapd. there i only get the error Cannot find TrapOID in TRAP2 PDU config: # OpenBSD 4.5 snmpd.conf: - listen_addr=127.0.0.1 # Restrict daemon to listen on

Re: Configuring Syslog to log from Fortigate

2010-03-23 Thread Sebastian Benoit
Siju George(sgeorge...@gmail.com) on 2010.03.23 20:09:19 +0530: It is getting logged to /var/log/messages :-( I wish I could get it logged to a specific file for further analysis you can set the syslog facility on the sending (fortigate) side: config log syslogd setting set facility local0

Re: IPSEC tunnels failing intermittently

2011-05-02 Thread Sebastian Benoit
Stuart Henderson(s...@spacehopper.org) on 2011.05.02 13:30:34 +: I see something similar which I've been trying to track down but not really succeeding. The thing we have in common is multiple subnets, I wonder if this is a factor... I have seen this too, two times in 3 weeks, with 7

Re: Hardware (firewall) recommendation

2012-04-17 Thread Sebastian Benoit
Henning Brauer(lists-open...@bsws.de) on 2012.04.17 11:52:49 +0200: I thought about being able to power cycle the machine when it freezes that hard, when it may not drop into ddb. Otherwise yes, serial console would suffice, even rebooting from within ddb. I hope it may not happen at

Re: using relayd in transparent mode

2012-05-03 Thread Sebastian Benoit
Martin Bley(martin.b...@bvl.bund.de) on 2012.05.03 08:49:41 +0200: Hi, On 28.03.2012 13:30, Stuart Henderson wrote: Looks like this probably got broken in the proc.c privsep reorganization. Try 'cvs up -D 2011/05/08 in src/usr.sbin/relayd and relayctl and rebuilding. Date:

Re: Unbound

2012-05-25 Thread Sebastian Benoit
Geoff Steckel(g...@oat.com) on 2012.05.25 14:37:29 -0400: Thanks very much! I think using NSD for the outward facing authoritative service makes sense. Retaining BIND is probably best for the internal service since I see no way to add the local domains, etc. to unbound/nsd while retaining

Re: Accounting and external logging?

2012-07-03 Thread Sebastian Benoit
Johan Ryberg(jo...@securit.se) on 2012.07.03 11:28:34 +0200: Hi. I need to log all user activity and store the data on a logging facility. Accounting provides some information but not all. Is it possible to use syslog and transmit every command entered by the users? man accton

Re: Relayd issue.

2012-09-23 Thread Sebastian Benoit
Pierre ANCELOT(pierre...@gmail.com) on 2012.09.22 13:12:29 +0100: em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:0c:29:e3:41:56 priority: 0 groups: egress media: Ethernet autoselect (1000baseT full-duplex,master) status:

Re: OpenBGPd / max-prefix 0

2012-10-09 Thread Sebastian Benoit
Laurent CARON(lca...@unix-scripts.info) on 2012.10.09 09:14:43 +0200: Hi, I'd like to establish a session with a peer I don't want to accept any route of. My first guess would be to set max-prefix 0 your first guess is wrong. It seems however max-prefix 0 means no limit on the number

Re: restart relayd with new config

2012-11-28 Thread Sebastian Benoit
lilit-aibolit(lilit-aibo...@mail.ru) on 2012.11.28 15:58:42 +0200: Scenario: I'm using relayd as transparent proxy and block some sites in work time, so I have two configs: # cat /etc/relayd.conf prefork 5 http protocol httpfilter { tcp { nodelay, sack, socket buffer 65536, backlog

Re: OSPFD on a VLAN Trunk Interface

2013-01-16 Thread Sebastian Benoit
MJ(m...@sci.fi) on 2013.01.15 22:45:46 +0200: [...] 4) On box3, all routes show up with next-hop of 10.1.0.1 (vlan2 on box2), instead of the IP addresses of the respective vlan interfaces. I want the real gateways to show up as next-hops. [...] box 3 -- [root@box3

Re: OpenBGP - iBGP peers not announcing after 3 hops

2013-02-04 Thread Sebastian Benoit
Eduardo Meyer(dudu.me...@gmail.com) on 2013.02.04 13:51:25 -0200: On Mon, Feb 4, 2013 at 1:36 PM, Peter Hessler phess...@theapt.org wrote: make iBGP2 a route server. Sounds promising, what are the key configurations in bgpd.conf to do so? So I can look further. Are we talking 'bout

Re: relayd and icecast

2013-02-08 Thread Sebastian Benoit
Kapetanakis Giannis(bil...@edu.physics.uoc.gr) on 2013.02.08 14:32:21 +0200: On 07/02/13 15:50, Kapetanakis Giannis wrote: [snip] which version of OpenBSD are you using?

Re: OpenBGP Issues. :-(

2013-02-28 Thread Sebastian Benoit
Alex Mathiasen(a...@mira.dk) on 2013.02.28 14:51:25 +0100: Dear recipients, I have been using OpenBGP for a while with OpenBSD - And I am very satisfied with the performance and amazed by the ease of configuration. My BGPD is configured against a Danish ISP called TDC - And we were

Re: relayd: relay on physical vs. carp

2013-05-01 Thread Sebastian Benoit
mxb(m...@alumni.chalmers.se) on 2013.05.01 12:09:28 +0200: Hello list@, I've encountered a bit odd, in my opinion, behavior of relayd. If relayd configured to listen on the IP attached to the physical NIC for a given relay, then I can see it creating an anchor for this relay in pf(pfctl

Re: pflow collection and analysis

2013-05-02 Thread Sebastian Benoit
Jan Stary(h...@stare.cz) on 2013.05.02 16:08:34 +0200: Hm, setting the flow sender to 127.0.0.1 solved it $ cat /etc/hostname.pflow0 flowsrc 127.0.0.1 flowdst 127.0.0.1:9995 pflowproto 5 That is, nfscapd didn't see any flows if the reports were

Re: 5.3 relayd instability -- crashes with hce exiting

2013-06-03 Thread Sebastian Benoit
Hi, unfortunately you do not show your configfile, so i have to guess (you can send it to me in private if you do not want to send it to a mailing-list). You have a relay or redirect with ssl in your config? Please try the attached patch, it's against -current, but should apply on 5.3. Apply by

Re: BGPd filter puzzle

2013-08-07 Thread Sebastian Benoit
Rod Whitworth(glis...@witworx.com) on 2013.08.07 16:14:50 +1000: On Wed, 7 Aug 2013 07:30:49 +0200, Claudio Jeker wrote: This is from the network stack, it does not mean that bgpd added routes for this. For that you should check bgpctl show rib, bgpctl show fib and route(8) output. I'll

Re: bgpd(8) EGP vs IGP question

2013-10-29 Thread Sebastian Benoit
Adam Thompson(athom...@athompso.net) on 2013.10.29 15:20:04 -0500: I've got two border gateways that peer (eBGP) with the same external AS; they also peer with each other (iBGP) as per normal BGP design. Naturally, the BGP RIB contains two copies of every route; one learned from the

Re: General question about openbgpd and PF

2013-10-29 Thread Sebastian Benoit
OCEANET - Cédric BASSAGET(ced...@oceanet.com) on 2013.10.29 18:27:09 +0100: Hi, Simple and general question : Is it a good thing to run PF on an openbgpd server (for security reasons), or should I de-activate PF ? Yes, in general you should: At least to make sure only traffic from your own

Re: Intel Atom S1260 (SuperServer 5017A-EF)

2013-11-15 Thread Sebastian Benoit
Paul B. Henson(hen...@acm.org) on 2013.11.15 13:59:19 -0800: I'm looking at a supermicro SuperServer 5017A-EF for openbsd purposes, it's got an Intel atom S1260 SoC, Marvell 88SE9230 SATA, and i350AM2 dual gig interfaces. It looks like i350 support shipped in 5.2, and I'm pretty sure the

Re: Intel Atom S1260 (SuperServer 5017A-EF)

2013-11-16 Thread Sebastian Benoit
Paul B. Henson(hen...@acm.org) on 2013.11.15 15:54:04 -0800: On Fri, Nov 15, 2013 at 11:25:50PM +0100, Sebastian Benoit wrote: Don't buy this one (yet). The Marvell 88SE9230 SATA does not work. i know cause i have one ;-) Arg, disappointing, but I'm glad I thought to check before buying

Re: Setting relayd outbound source address/using existing NAT rules

2013-12-19 Thread Sebastian Benoit
Matt Carey(cvstealth2...@yahoo.com) on 2013.12.17 05:22:12 -0800: In an attempt to use relayd as an outbound http proxy, which is just needed to do URL filtering rather then content caching, I'm finding that the outbound connections are being sourced from the IP of the external interface of the

Re: OpenBGPd match clause with multihop BGP session

2014-01-23 Thread Sebastian Benoit
Laurent CARON(lca...@unix-scripts.info) on 2013.12.13 11:31:02 +0100: Hi, I'm using cymru[1] bogon feed onto a router receiving several full tables. On this router I have: neighbor $CYMRU_PEER_v4 { descr cymru-fullbogon-v4-001 local-address

Re: OpenBGPd match clause with multihop BGP session

2014-01-24 Thread Sebastian Benoit
Laurent CARON(lca...@unix-scripts.info) on 2014.01.24 09:24:26 +0100: On 24/01/2014 00:38, Sebastian Benoit wrote: This is normal behavior (and perhaps a misunderstanding on your side): bgpd will only put routes into the fib that are best and valid in the rib. A route coming from an EBGP

Re: Interface/IP limit on isakmpd, no listen-on in ipsec.conf, IPSec failover enhancement, IPSec tunnel rebuild enhancement

2014-02-15 Thread Sebastian Benoit
andy(a...@brandwatch.com) on 2014.02.12 12:22:57 +: Hi, I think this is a fairly simple one. Our firewalls are growing in complexity and the number of interfaces and IPs as time goes on, and we recently hit an isakmpd limit. When isakmpd starts it tries to bind to *every* single IP

Re: relayd crashing after header append added

2014-03-20 Thread Sebastian Benoit
Keith(ke...@scott-land.net) on 2014.03.20 15:45:47 +: Does anyone know what might be causing this to happen and if there's a workaround ? possibly, but your report is lacking a dmesg.

Re: OT: Does OpenBSD run on SuperMicro MicroCloud models, and may be on 5037MC-H12TRF

2014-05-16 Thread Sebastian Benoit
Daniel Ouellet(dan...@presscom.net) on 2014.05.15 20:51:12 -0400: Hi, Sorry for the off topic question, but I don't know any other way to find out. Google didn't provide much answer on this model yet for OpenBSD. Does anyone may had a chance to know or test if that unit can run OpenBSD

Re: pflow and interface numbers

2014-05-29 Thread Sebastian Benoit
Marko Cupać(marko.cu...@mimar.rs) on 2014.05.29 16:22:40 +0200: Hi, I am exporting netflow data from OpenBSD 5.5 machine to another non-OpenBSD machine with nfsen installed, which is successfully receiving netflow data. I have the following in pf.conf: set state-defaults pflow And

Re: pf icmp redirect question

2014-05-30 Thread Sebastian Benoit
Marko Cupać(marko.cu...@mimar.rs) on 2014.05.30 11:32:14 +0200: Hi, let's say for example I have web server on internal network, and I have redirected tcp port 80 from firewall to it: pass in on $ext_if inet proto tcp from any to $pub_web port 80 \ rdr-to $priv_web From the wording

Re: netflow srcip and dstip reversed for redirected traffic

2014-05-31 Thread Sebastian Benoit
Marko Cupać(marko.cu...@mimar.rs) on 2014.05.31 13:03:18 +0200: Hi, I'm trying to understand and measure traffic on relatively large and complicated pf firewall, and for this purpose I am exporting netflow data with pflow to nfsen/nfdump. For the time being, I have set pflow on external

Re: relayd url redirection

2014-06-21 Thread Sebastian Benoit
Predrag Punosevac(punoseva...@gmail.com) on 2014.06.20 22:35:13 -0400: I am seriously reading relayd man pages for the first time in my life. Namely I am after url suffix redirection. I will try to explain little bit better. relayd cannot do this currently unfortunately. /Benno

Re: Pflow granularity

2014-06-24 Thread Sebastian Benoit
Tristan PILAT(tristan.pi...@gmail.com) on 2014.06.24 11:04:35 +0200: 2014-06-04 16:37 GMT+02:00 Stuart Henderson s...@spacehopper.org: On 2014-06-02, Andy a...@brandwatch.com wrote: I think you might have to try softflowd instead of the built-in sflowd.. These guys had the same

Re: root's password

2014-06-28 Thread Sebastian Benoit
Giancarlo Razzolini(grazzol...@gmail.com) on 2014.06.28 00:10:31 -0300: I never got a machine hacked, even when not using any mitigation techniques. Are you sure?

Re: pf block return sends rst through wrong interface

2014-09-13 Thread Sebastian Benoit
Hi Thomas, A possible solution to your problem might be to put ext_if1 into its own rdomain with its default route out through ext_if1. /Benno Henning Brauer(hb-open...@ml.bsws.de) on 2014.09.12 18:10:26 +0200: * Thomas Pfaff tpf...@tp76.info [2014-08-28 13:51]: I have a router with two

Re: Relayd, how to relay-to based on path

2014-12-24 Thread Sebastian Benoit
Harald Klimach(har...@klimachs.de) on 2014.11.30 11:32:33 +0100: Hello, I am trying to substitute a nginx proxy by relayd and would like to forward connections to different backends, based on the path in the request. In the Paper Recent work in OpenBSD relayd from 2013 there is an example

Re: 5.6, IPv6: is autoconf set by default?

2015-01-07 Thread Sebastian Benoit
Harald Dunkel(ha...@afaics.de) on 2015.01.01 14:12:30 +0100: On 12/30/14 18:26, Henrik Friedrichsen wrote: It certainly doesn't seem to be enabled by default as I just had to enable it to get an IPv6 assigned. This was on -CURRENt, though. My concern is about accepting foreign

Re: carp(4) requires carpdev in OpenBSD 5.7

2015-08-03 Thread Sebastian Benoit
Rolf Sommerhalder(rolf.sommerhal...@alumni.ethz.ch) on 2015.08.01 17:17:42 +0200: After upgrading a firewall cluster from 5.6 to 5.7, I observed that carpX interfaces failed to come up with their settings. A manual start 'sh /etc/netstart carpX' ran without errors, although carpX still did

Re: relayd relay stability

2015-07-20 Thread Sebastian Benoit
Hi Keith, please update relayd to the version from current and see if this fixes your problems. quite a few bugs were fixed since 5.7 release. /Benno Keith(ke...@scott-land.net) on 2015.07.20 23:55:43 +0100: Hi, Since upgrading one of our OpenBSD firewalls on Monday last week we

Re: apu1d as an NTP server

2015-10-25 Thread Sebastian Benoit
Gene(gh5...@gmail.com) on 2015.10.23 15:39:26 -0700: > Howdy, > > Has anyone here used the PC Engines apu1d system board as an NTP server? yes > I'm looking at setting up some in house stratum-2 servers so I can be a > better neighbor. Wondering what kind of performance/capacity others have >

Re: OpenBSD sendfile

2015-10-05 Thread Sebastian Benoit
Bogdan Andu(bo...@yahoo.com) on 2015.09.29 14:16:51 +: > Hi, > > I have a piece o software to install that requires > sendfile functionality . is your piece of software a haskell program? > I installed hs-sendfile from ports, which should provide > sendfile, but now sendfile library or

Re: panic in Dec 23 snapshot

2015-12-23 Thread Sebastian Benoit
a fix for this was committed about an hour ago by jasper@ Mike(the.li...@mgm51.com) on 2015.12.23 17:23:17 -0500: > I just downloaded and installed the Dec 23 snapshot. The install goes > fine. However, when I reboot and sit at the login: prompt for a few > seconds, a panic screen appears. I

Re: [pf] NAT64 rule for *outgoing* packets

2016-06-19 Thread Sebastian Benoit
Dan Lüdtke(m...@danrl.com) on 2016.06.07 19:14:24 +0200: > Follow-up: > > This rule matches outgoing packets to nat64 well-known prefix 64:ff9b::/96: > pass out quick on $if_wan inet6 from $if_wan:network to 64:ff9b::/96 af-to > inet from ($if_wan) af-to does not work on pass out rules. Why do

Re: Corrections to the Release Song Lyrics page

2016-06-19 Thread Sebastian Benoit
Tae Wong(seotaewon...@gmail.com) on 2016.06.19 07:58:33 +0900: > The source page I provided here is http://www.openbsd.org/lyrics.html > > In this page, I've found the following errors. > ??? In the "I'm still here" song credits, Jonathan Lewis is displayed as > Jonathan D. Lewis (middle

Re: Carp interface sitting on vlan can not be pinged

2016-05-13 Thread Sebastian Benoit
Kim Zeitler(kim.zeit...@konzept-is.de) on 2016.04.15 11:41:07 +0200: > Hello > > maybe a stupid question, but is it possible to run a carp(4) interface > on vlan(4) interfaces? yes > In the following setup we have the problem that both boxes can be pinged > on their address associated with

Re: rwhod in 5.9 ?

2016-05-05 Thread Sebastian Benoit
stan(st...@panix.com) on 2016.05.03 07:17:38 -0400: > Building 5.9 machines to replace 5.5 ones. Looking in /usr/src on the 5.9 > machines, I do not see the code for rwhod. Has this been removed, and if > so, why? We use this on all of our machines. Because we remove code that nobody uses and

Re: [patch] bgpctl more info in terse format

2016-04-18 Thread Sebastian Benoit
If you do that, then you can also just parse the output of "bgpctl show sum", no? /Benno Denis Fondras(open...@ledeuns.net) on 2016.04.17 18:09:18 +0200: > Hello, > > When monitoring my bgpd, I need to check the session duration and the number > of > prefixes. Here is a patch that add these

Re: performace impact of excessive use of the "quick" keyword in pf.conf?

2016-07-20 Thread Sebastian Benoit
Fabio Almeida(mente...@gmail.com) on 2016.07.20 16:45:08 -0300: > No need to worry about it. > I manage systems with more than 6000 rules without any problem. > In fact you'll need to worry just about disk I/O if all your rules use log > and if the disk is not so fast. > In case you have this

Re: Relayd and stateful tracking options

2016-08-09 Thread Sebastian Benoit
Mathieu BLANC(mathieu.bl...@smile.fr) on 2016.08.09 11:18:57 +0200: > Hello, > > I'm using relayd with Redirections (OpenBSD 5.9) > Relayd creates these rdr-to rules : > anchor "_http" all { > pass in quick on rdomain 0 inet proto tcp from any to A.B.C.D port = 80 > flags S/SA keep state

Re: relayd send/expect syntax

2017-02-09 Thread Sebastian Benoit
i came to the same conclusion, ok benno@ Reyk Floeter(r...@openbsd.org) on 2017.02.09 00:25:31 +0100: > On Tue, Feb 07, 2017 at 05:04:18PM -0500, Michael W. Lucas wrote: > > host 104.236.197.233, check send expect (9020ms,tcp read timeout), state > > unknown -> down, availability 0.00% > > The

Re: rdomain incompatible with NSD ? (OpenBSD 6)

2016-09-03 Thread Sebastian Benoit
Bob Jones(r.a.n.d.o.m.d.e.v.4+openbsdm...@gmail.com) on 2016.09.03 19:11:41 +0100: > Hi, > > Not sure if its a feature or a bug. ;-) > > OpenBSD my.example.com 6.0 GENERIC.MP#2319 amd64 > > Relevant bit of /var/nsd/etc/nsd.conf: > ip-address: 10.1.2.3 > > > $ cat /etc/hostname.vmx1 >

Re: Bizarre arp entry corruption

2017-03-10 Thread Sebastian Benoit
Joe Holden(m...@m.jwh.me.uk) on 2017.03.09 13:41:26 +: > On 09/03/2017 11:51, Martin Pieuchot wrote: > >On 07/03/17(Tue) 19:38, Joe Holden wrote: > >>On 12/12/2016 16:55, Joe Holden wrote: > >>>On 12/12/2016 10:27, Martin Pieuchot wrote: > On 11/12/16(Sun) 00:50, Joe Holden wrote: >

Re: NAT Address Pool question

2017-07-26 Thread Sebastian Benoit
Eric Johnson(eri...@colossus.gruver.net) on 2017.07.26 03:48:16 -0500: > > Yesterday I switched from using a single address for NAT to an address > pool. I used the round-robin for the address pool with sticky-address in > the pf file. > > It seemed logical to me to add each IP address in the

Re: HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

2017-05-29 Thread Sebastian Benoit
tec...@protonmail.com(tec...@protonmail.com) on 2017.05.28 19:57:41 -0400: > Hi there, > > I have been using httpd for quite a while now, but after a new > project/website having to have read/write/execute permissions (unsafe, I do > realise..) I decided to: > > 1. add root to the www group, >

Re: Manual to cd (change working directory)

2017-12-14 Thread Sebastian Benoit
ATS XCompared to the shell builtin, X.Nm Xis not very useful. The only thing it really does is set the exit code. XIt looks like a striking example of standards' insanity. X.Sh AUTHORS X.An -nosplit XThis command is based on the X.Xr ksh 1 Xshell builtin. XThe manpage was written by X.An Sebastian Benoi

Re: Intel X-550T 10 GbE Adapter cards

2018-05-06 Thread Sebastian Benoit
Peter J. Philipp(p...@centroid.eu) on 2018.05.06 21:47:02 +0200: > Hi, > > The ix(4) manpage mentions there is support: > > o Intel X550-T 10GbE Adapter (10GbaseT/1000baseT/100baseTX) > > However there is a X550-T1 and a X550-T2 model are both supported or > > just the X550-T1? its the

Re: build and ports mismatching ?

2018-05-24 Thread Sebastian Benoit
Elias M. Mariani(marianiel...@gmail.com) on 2018.05.24 14:22:35 -0300: > Hi, > I noticed just now a couple of errors after updating from > snapshots/amd64 (22/05) and updating the packages with pkg_add -u > (24/05) indicating a mismatch in some library, I think it was > libfreetype.so.28.2 vs 29.0

Re: Confusing IPv6 route(8) results

2018-05-24 Thread Sebastian Benoit
Denis Fondras(de...@openbsd.org) on 2018.05.24 17:57:19 +0200: > On Thu, May 24, 2018 at 07:04:04AM -0400, David Higgs wrote: > > But shouldn't the answer be the same, since I have a valid default route? > > > > It should but that's not how route(8) works for now :) > > Barely tested diff,

Re: build and ports mismatching ?

2018-05-24 Thread Sebastian Benoit
what you are doing) could be solved by making sure package builds and base are always in sync. But we do not want to do that because it slows down development. > I mean, the ports did not install the library, that means that one of > the packages of x did it. > Cheers. > Elias. >

Re: Confusing IPv6 route(8) results

2018-05-24 Thread Sebastian Benoit
Denis Fondras(de...@openbsd.org) on 2018.05.24 22:09:30 +0200: > On Thu, May 24, 2018 at 08:43:30PM +0200, Sebastian Benoit wrote: > > Denis Fondras(de...@openbsd.org) on 2018.05.24 17:57:19 +0200: > > > On Thu, May 24, 2018 at 07:04:04AM -0400, David Higgs wrote: >

Re: rtadvd bug ?

2018-06-17 Thread Sebastian Benoit
Hi, Denis Fondras(open...@ledeuns.net) on 2018.06.17 21:45:37 +0200: > On Mon, Jun 11, 2018 at 10:13:36AM +0200, Bastien Durel wrote: > > Because it's lower than RTP_CONNECTED and I don't know what it is. The > > /* local address routes (must be the highest) */ comment makes me think > > it MAY

Re: rdomain/rtable

2017-12-23 Thread Sebastian Benoit
Paul B. Henson(hen...@acm.org) on 2017.12.19 17:54:48 -0800: > I've got a box with an LTE cellular modem in it whose purpose is to provide > a backup connection to the Internet if the hardwire service goes down. It's > running OSPF to connect to the rest of the network, and the only time any >

Re: Wondering if any of my hardware is working on -current

2018-02-08 Thread Sebastian Benoit
Chris Bennett(chris...@bennettconstruction.us) on 2018.02.07 21:03:09 -0800: > Does any of my hardware work in -current? cd0 at scsibus1 targ 1 lun 0: ATAPI 5/cdrom removable your cd-rw drive probably works. > Lots of stuff fails in 6.2 stable. > WiFi and touchpad

Re: Adding New Commands to BGP Looking Glass?

2018-07-24 Thread Sebastian Benoit
MonsieurFugu(aleks.mcallis...@gmail.com) on 2018.07.24 03:48:11 -0700: > > It is not clear whether you rebuilt bgplg or not. > > Also mtrace binary needs to be built statically. > > I restarted the console and used the following commands; > # /etc/rc.d/httpd start > # /etc/rc.d/bgpd start > But I

Re: Duplicate IP Address -> Spoof/Verizon???

2018-09-08 Thread Sebastian Benoit
Jay Hart(jh...@kevla.org) on 2018.09.08 12:06:03 -0400: > > Le sam. 8 sept. 2018 13:40, Jay Hart a crit : > >> -ifconfig -A from the router-- > >> re1: flags=8843 mtu 1500 > >> lladdr 00:22:4d:d1:48:d5 > >> inet 192.168.1.1 netmask 0xff00 broadcast

Re: mgre and bgpd

2018-07-04 Thread Sebastian Benoit
Hi, is this on -current? Please provide a dmesg. Also: are you saying that 'bgpctl sh fib' displays routes that 'netstat -rn' or 'route -n show' do not? /Benno Benjamin Girard(benjamin.gir...@kambi.com) on 2018.07.03 14:13:01 +: > Hi, > > So we are currently trying to set up one mgre

Re: Boot problem after power failure in OpenBSD 6.2 and later versions

2018-04-21 Thread Sebastian Benoit
augusta bonaventura(augusta...@gmail.com) on 2018.04.21 10:55:54 +0300: > There is no problem when I reboot many times. Whenever I turn off power > supply hardly, it comes with problem. > it is not a solution for me to implement the solutions you specify. I > installed/updated(boot-kernel) it

Re: Way to specify offset suggestion autoalignment multiple in disklabel(8)? (w.o. paper, pen and a 2:nd computer)

2018-04-16 Thread Sebastian Benoit
Tinker(t1...@protonmail.ch) on 2018.04.16 03:30:37 -0400: > Hi, > > When in "disklabel -E" for instance in the OS installer, being able to > specify that I want the partition offsets to be multiples of 2048 would > be useful. why? to whom?

Re: upgrade 6.2 snapshots to 6.3 release

2018-04-19 Thread Sebastian Benoit
Kapetanakis Giannis(bil...@edu.physics.uoc.gr) on 2018.04.19 13:37:24 +0300: > Hi, > > since more and more of my servers have been migrated to OpenBSD :) and I'm > getting a bit lazy, I want to upgrade some of my 6.2 snapshots to 6.3 > release and use syspatch for upgrading them in the future.

Re: How to maintain/debug OpenBSD

2018-04-20 Thread Sebastian Benoit
sunny.na...@igreen.pk(sunny.na...@igreen.pk) on 2018.04.20 06:56:01 +: > Hi > > Sometimes we need to maintain or debug OpenBSD. > I found these links useful : > https://www.openbsd.org/ddb.html (https://www.openbsd.org/ddb.html) > https://man.openbsd.org/crash (https://man.openbsd.org/crash)

Re: upgrade 6.2 snapshots to 6.3 release

2018-04-19 Thread Sebastian Benoit
Kapetanakis Giannis(bil...@edu.physics.uoc.gr) on 2018.04.19 14:22:57 +0300: > On 19/04/18 13:54, Sebastian Benoit wrote: > > Kapetanakis Giannis(bil...@edu.physics.uoc.gr) on 2018.04.19 13:37:24 +0300: > >> Hi, > >> > >> since more and more of my servers have

Re: counting dropped packets for pf

2018-03-29 Thread Sebastian Benoit
3(ba...@yandex.ru) on 2018.03.29 02:10:29 +0300: > > 3(ba...@yandex.ru) on 2018.03.28 23:03:27 +0300: > >> > On 03/28/18 15:04, 3 wrote: > >> >> hi guys. when the pflow option first appeared, i was surprised by the > >> >> stupidity of those who implemented it- pflow could not be specified > >> >>

Re: counting dropped packets for pf

2018-03-28 Thread Sebastian Benoit
3(ba...@yandex.ru) on 2018.03.28 23:03:27 +0300: > > On 03/28/18 15:04, 3 wrote: > >> hi guys. when the pflow option first appeared, i was surprised by the > >> stupidity of those who implemented it- pflow could not be specified > >> for block-rules, i.e. dropped packets were not taken into

Re: PPPoE connection closing right after authentication?

2018-03-26 Thread Sebastian Benoit
Jon Martin(jmg...@gmail.com) on 2018.03.22 13:19:51 -0600: > On Tue, Mar 20, 2018 at 10:27:16AM +, Stuart Henderson wrote: > > > > It's not clear from your mail, have you tried just using CHAP? > > That's what I get for writing e-mails in the middle of the night. > > I did try CHAP: > >

Re: OpenBGPd Changes from 5.x to 6.2

2018-03-26 Thread Sebastian Benoit
Mike Hammett(openbsd-m...@ics-il.net) on 2018.03.26 10:34:24 -0500: > Did the config for openbgpd change from 5 to 6? I copied a config file Yes. > over and it complains about a line I have, `softreconfig in yes`. It > doesn't show in https://man.openbsd.org/bgpd.conf but >

Re: Redistributing between bgpd and ospfd

2018-10-15 Thread Sebastian Benoit
open...@kene.nu(open...@kene.nu) on 2018.10.15 11:05:41 +0200: > Hello, > > I am trying to get bgpd and ospfd play nicely with route redistribution. > > So far the only way I have found that suits my need is to use > bgpd.conf network statements and rtlabels. > > So, to make ospfd learn route

Re: pf keep sate

2018-10-22 Thread Sebastian Benoit
Daniel Corbe(dco...@hammerfiber.com) on 2018.10.22 11:09:08 -0400: > at 10:04 AM, Frédéric Goudal wrote: > > >- is there any reason to add keep state to a pass rule ? Only if you want to use one of the "Stateful Tracking Options" (see pf.conf(5)). For example, to add no-sync (don't send the

Re: relayd and radius

2018-10-21 Thread Sebastian Benoit
Shawn Southern(shawn.south...@entegrus.com) on 2018.10.19 18:01:41 +: > So apparently this works... I was expecting relayd to listen on those ports, > but I'm guessing that since it hooks through pf, that's not necessary. It only listens if you use "relay". If you use "redirect", it uses pf

Re: Redistributing between bgpd and ospfd

2018-10-17 Thread Sebastian Benoit
open...@kene.nu(open...@kene.nu) on 2018.10.17 12:44:02 +0200: > Hello, > > On Tue, Oct 16, 2018 at 4:56 PM Sebastian Benoit wrote: > > > > Tommy Nevtelen(to...@nevtelen.com) on 2018.10.16 15:11:51 +0200: > > > On Tue, Oct 16, 2018 at 10:21:37AM +0200, Claudio Jeker

Re: Redistributing between bgpd and ospfd

2018-10-16 Thread Sebastian Benoit
Tommy Nevtelen(to...@nevtelen.com) on 2018.10.16 15:11:51 +0200: > On Tue, Oct 16, 2018 at 10:21:37AM +0200, Claudio Jeker wrote: > > On Tue, Oct 16, 2018 at 09:13:20AM +0200, open...@kene.nu wrote: > > > Hello, > > > > > > Only relying on OSPF hellos effectively makes it mimic BGP with its > > >

Re: Redistributing between bgpd and ospfd

2018-10-28 Thread Sebastian Benoit
use that on their CE's. same there, use priority 28 /Benno > Thanks for everything that you do, and keep up the great work! > > On Mon, Oct 15, 2018 at 8:37 AM Claudio Jeker > wrote: > > > On Mon, Oct 15, 2018 at 02:48:31PM +0300, Gregory Edigarov wrote: > > >

Re: relayd smtp traffic

2018-10-19 Thread Sebastian Benoit
Markus Rosjat(ros...@ghweb.de) on 2018.10.19 13:20:46 +0200: > Hi all, > > once again a silly question (but maybe someone is willing to answer) > about relayd. Is it possible to determine the domain of the recipient > and depending on this redirect the traffic to a specific server behind >
