Re: Conditional passive FTP rules on firewall

2005-08-09 Thread Stuart Henderson
--On 08 August 2005 23:58 -0400, Jason Haag wrote: Ftp access works in active mode via ftp-proxy. Passive mode does *not* work since I block client traffic not going to the proxies via pf. Is it possible to create conditional pf rules to pass certain traffic to a host *after* a connection to a

Re: I've a question about sasync ...

2005-08-09 Thread Stuart Henderson
--On 09 August 2005 11:11 +0200, Stefan Sczekalla-Waldschmidt wrote: for failover functionality - I'd like to use sasync too, but I'm somewhat confused - do I have to wait for 3.8 for this feature or if I can use the 3.7 Stable branch and make my own release to deploy. - Or do I need to follow

Re: large BIND binaries

2005-08-10 Thread Stuart Henderson
--On 10 August 2005 18:09 +1000, David Crawshaw wrote: On 10/08/2005, at 5:56 PM, Paul de Weerd wrote: While building an (unsupported, i know) stripped down install, I noticed that the larger binaries in /usr/sbin are all from BIND : -r-xr-xr-x 1 root bin 1015716 May 22 10:11

Re: BSD PPPoA Hardware

2005-08-16 Thread Stuart Henderson
--On 16 August 2005 01:54 -0700, J.C. Roberts wrote: Assuming you don't have a provider requirement of using their specified DSL modem, it may be possible to use OpenBSD as a *replacement* for the DSL modem itself. I know we've got some degree of ATM support but I don't know how well (or if)

Re: Need Opinion

2005-08-16 Thread Stuart Henderson
--On 16 August 2005 16:56 +, Carlos A. Garcia G. wrote: i have users internal with private ip and others internal with public ip addresses lets say: public net usr private net usr 148.233.82.0/24 10.1.0.0/16 | | internal

Re: How to patch a physically weak system recommended use of sudo?

2005-08-18 Thread Stuart Henderson
--On 18 August 2005 13:03 +0200, Tim wrote: 1. I have a old computer that is slow and has little memory. But I want to keep it updated with patches. I can't compile these patches on the system but I could do it on another faster system. But how can I later apply the compiled patches to the weak

Re: PPTP GRE NAT PF!

2005-08-19 Thread Stuart Henderson
I'm trying to connect a Windows XP Sp2 (yes I know) box to a Win2k Server using PPTP across two firewalls. i.e. Logical layout [Win XP] IP/1723 GRE(47) [Firewall 1] - Internet [Firewall 2]-- [Win2k PPTP endpoint] Now for my first test Firewall 1 was a Linux 2.6.10 (ubuntu

Re: Kernel PPPoE PAP *and* CHAP Authentication (auto-negotiation?)

2005-08-20 Thread Stuart Henderson
On 2005/08/20 14:20:13, Adam Gleave wrote: I'm really running on PPPoA, but it is converted by the modem from PPPoE to PPPoA. That's unlikely, there's a guide on the web which says that this is what happens, but actually it's just running as a bridge and using PPPoE to BT (which BT say they

Re: Modifying man pages and composing new ones

2005-08-21 Thread Stuart Henderson
--On 21 August 2005 17:44 +1000, Rod.. Whitworth wrote: What format(s) are acceptable for submitting minor changes to man pages? The few I've submitted have been to the input files, in the hope that it gives jmc@ less to do by hand. I assume unified diff - but against what? The man page

Re: Kernel PPPoE PAP *and* CHAP Authentication (auto-negotiation?)

2005-08-21 Thread Stuart Henderson
--On 21 August 2005 09:10 +, Adam Gleave wrote: Given that there's a number of UK ISPs that will do at least a /30 for no extra charge, you might find it easier to use the router as a straight (PPPoA) router, and give the OpenBSD box the next address along... The router doesn't support

Re: Kernel PPPoE PAP *and* CHAP Authentication (auto-negotiation?)

2005-08-21 Thread Stuart Henderson
--On 21 August 2005 10:44 +, Adam Gleave wrote: On 21/08/05, Stuart Henderson [EMAIL PROTECTED] wrote: --On 21 August 2005 09:10 +, Adam Gleave wrote: Given that there's a number of UK ISPs that will do at least a /30 for no extra charge, you might find it easier to use the router

Re: Could not read network Connection list

2005-08-22 Thread Stuart Henderson
--On 22 August 2005 12:37 +0200, Marius Van Deventer - Umzimkulu wrote: In any case, my next little project will be to go through pf.conf with a fine tooth comb until I find the error. The best tool for debugging pf.conf is tcpdump, as described in pflogd(8). Make sure any 'drop' rules

Re: Could not read network Connection list

2005-08-22 Thread Stuart Henderson
--On 22 August 2005 06:03 -0500, Shawn K. Quinn wrote: On Mon, 2005-08-22 at 11:49 +0100, Stuart Henderson wrote: If you don't already have something like 'pass quick on lo0' near the start of your PF ruleset, you might like to add it. Actually, as of 3.7 set skip on lo0 is the preferred

Re: Win XP VPN

2005-08-23 Thread Stuart Henderson
--On 23 August 2005 20:15 +1000, Steve Murdoch wrote: without any joy. the winxp in my test case is behind a nat router will this cause me grief ? If the router has nat helpers for ipsec (e.g. speedtouch), try disabling them in case they interfere. Otherwise, you'll need to give some more

Re: Automatic setup of partitions

2005-08-23 Thread Stuart Henderson
After assigning a default disklabel (to a blank disk), can I just feed disklabel the partition information? ie, just this part: pipe into disklabel -E, perhaps?

Re: problem with rtw in hostap mode

2005-08-23 Thread Stuart Henderson
--On 23 August 2005 10:44 -0400, Will H. Backman wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Will H. Backman Sent: Monday, August 22, 2005 2:33 PM To: Misc OpenBSD Subject: Re: problem with rtw in hostap mode -Original Message-

db4 on macppc

2005-08-23 Thread Stuart Henderson
Can anyone confirm whether the db4 port is working on -current on macppc at the moment? I was trying to install cyrus, but it's hanging on ctl_cyrusdb -r at startup. Simplifying things I've tested with /usr/local/share/examples/db4/ex_env.c which has also been hanging sometimes when it

Re: /usr/share/pf/ suggestion

2005-08-23 Thread Stuart Henderson
--On 23 August 2005 17:25 -0400, Jason Crawford wrote: Secondly, it seems pretty pointless to setup pf on a single host. It has its uses - spamd, for one...

Re: db4 on macppc

2005-08-23 Thread Stuart Henderson
--On 23 August 2005 21:48 +0200, Matthias Kilian wrote: Rebuild libdb with debugging enabled: $ cd /usr/ports/databases/db/v4 $ make uninstall $ DEBUG=-g make install Thanks, that's helpful. # gdb /tmp/ex_env GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software,

Re: carp on vlan's

2005-08-23 Thread Stuart Henderson
--On 23 August 2005 18:26 -0400, David Hill wrote: Is it possible to have fxp0 flag vlan0, then vlan0 flag carp0 that the link is down? yes, in -current. plus.html says: Make vlan(4) aware of the underlying link state, and report that up to other interfaces layered on top.

Re: db4 on macppc

2005-08-23 Thread Stuart Henderson
--On 23 August 2005 21:48 +0200, Matthias Kilian wrote: On Tue, Aug 23, 2005 at 07:54:56PM +0100, Stuart Henderson wrote: Simplifying things I've tested with /usr/local/share/examples/db4/ex_env.c which has also been hanging sometimes when it does 'dbenv-open'. Same problem here (with a four

Re: Complete disk disaster

2005-08-24 Thread Stuart Henderson
--On 24 August 2005 10:37 +0200, Ramiro Aceves wrote: pciide0:0:1: bus-master DMA error: missing interrupt, status=0x61 wd1a: device timeout reading fsbn 1489200 of 1489200-1489203 (wd1 bn 1489263; cn 1477 tn 7 sn 6), retrying wd1: soft error (corrected) wd1(pciide0:0:1): timeout type:

Re: 3.8 beta requests

2005-08-24 Thread Stuart Henderson
On 2005/08/24 14:28:25, Genadijus Paleckis wrote: well, from base system side I guess it will be minimal problems, but what about ports ? because almost everyone using it. If software segfaults because of this, it's because it's already doing something wrong, and it could already be giving

Re: /usr/share/pf/ suggestion

2005-08-24 Thread Stuart Henderson
--On 24 August 2005 07:10 -0700, Bryan Irvine wrote: They were very low bandwidth, but there went all available connections. Low-bandwidth is often worse if it's a dynamic website (especially if it needs a lot of RAM to service a connection), placing an http-accelerator in front can

Re: PF for OpenVPN

2005-08-25 Thread Stuart Henderson
--On 25 August 2005 09:04 +0100, Helio Santana wrote: My VPN works fine with pf disabled, but when I enable PF... this is the response PING 192.168.6.102 (192.168.6.102): 56 data bytes ping: sendto: No route to host That either means 'No route to host' or 'blocked by PF'. Since you turned

Re: How to configure bind to work under OpenBSD 3.7

2005-08-25 Thread Stuart Henderson
--On 25 August 2005 11:13 -0300, João Salvatti wrote: I'd like to know where I could find informations about how to configure bind to work under OpenBSD 3.7. named.conf(5) and BIND 9 Administrator Reference Manual, which you can find in /usr/share/doc/html/bind.

Re: named error

2005-08-26 Thread Stuart Henderson
file master/example-int.com ; Extra space between com and .

Re: wireless usb

2005-08-26 Thread Stuart Henderson
--On 25 August 2005 19:54 -0500, Qv6 wrote: I have just tried to use the following wireless usb network adapters with no luck. OpenBSD-3.7 does not recognize either: The Belkin was added in June. Try a 3.8-beta snapshot. RCS file: /data/cvs/OpenBSD/src/sys/dev/usb/if_ral.c,v Working file:

Re: Boot-time Bios Mods - Still Possible?

2005-08-28 Thread Stuart Henderson
--On 28 August 2005 10:22 -0500, Dave Feustel wrote: A long time ago I added a little bios code to my pc by programming and installing an eprom on a post card. The code was executed at boot time before most of the bios code was executed. Is this still possible with current desktops? Yes, it's

Re: i386 binaries on amd64

2005-08-29 Thread Stuart Henderson
--On 29 August 2005 16:34 -0500, Tony Lambiris wrote: Is there a way to compile something on i386 OpenBSD box to run on amd64? or is there a sysctl option I am missing? Cross-compiling between architectures is not supported, see list archives for reasons why.

Re: Moving from 3.7-release to -stable: make build fails (i386)

2005-08-31 Thread Stuart Henderson
--On 31 August 2005 09:29 +0200, Roman Zilka wrote: # export CFLAGS='-O3 -mcpu=athlon-xp -march=athlon-xp -mmmx -msse -m3dnow -mfpmath=sse' Don't do this with OpenBSD, it's not recommended or supported.

Re: [OT]: good home switch?

2005-09-04 Thread Stuart Henderson
--On 04 September 2005 13:57 +0200, [EMAIL PROTECTED] wrote: A Netgear FS108 is doing its job very well and also the support of Netgear convinced me. As I bought the Switch it had a 5 year warranty and a 3year warranty for the power supply. The metal-cased Netgear FS105 and FS108 have been

Re: [OT]: good home switch?

2005-09-05 Thread Stuart Henderson
--On 05 September 2005 12:17 +0200, Johan P. Lindström wrote: HP's ProCurve series are a bit on the steep side, though they come with lifetime warranty, got two 2524 (managed) 10/100 and I haven't seen any issues with them so far I looked at some HP 2626 which seem like quite nice switches

Re: tcpdump/pflog - rule numbering

2005-09-06 Thread Stuart Henderson
--On 06 September 2005 11:29 +0200, Stephan A. Rickauer wrote: I am now trying to find out, what 'rule 267' should be and found posts regarding 'pfctl -s rules'. My problem is, that rule number 267 has absolutely nothing to do with the line logged above. # pfctl -sr -vv

Re: Lifecycle question

2005-09-06 Thread Stuart Henderson
--On 06 September 2005 10:16 +0200, Stephan A. Rickauer wrote: There is one thing I still don't understand. What effort is it to deliver patches (not backports) longer than just a few month - given that the overall amount of patches per release is low with OpenBSD anyway... let's say you have

Re: Active Swap space

2005-09-06 Thread Stuart Henderson
--On 06 September 2005 09:36 -0300, João Salvatti wrote: I have a OpenBSD system acting as a firewall. When I use the top command I see that the swap space is not being used. Typically, one would hope that a firewall doesn't have to swap... I'd like to know if the swap space is only

Re: sendmail and clamd

2005-09-06 Thread Stuart Henderson
--On 06 September 2005 15:13 +0200, Cristian Del Carlo wrote: i am planning to use openbsd as mail server with sendmail and clamd as antivirus on intel machine. What can i use to connect sendmail and clamd? /usr/ports/mail/smtp-vilter works nicely, but if users should normally receive most

Re: [OT] Question about vpn and athorization between OpenBSD and Windows clients

2005-09-07 Thread Stuart Henderson
--On 07 September 2005 14:08 +0300, Tomas wrote: Please, can someone give me a clue how to setup a vpn with authentication. I've set up a vpn between Windows clients and OpenBSD server, everything works fine. By itself 'vpn' can mean many things... tunnels over IPsec? PPTP? unencrypted

Re: Sendmail nullclient

2005-09-07 Thread Stuart Henderson
--On 07 September 2005 15:28 +0200, Stephan A. Rickauer wrote: According to various documentations, this should be enough. Unfortunately, it isn't and I am not a sendmail specialist: include(`../m4/cf.m4') define(`__OSTYPE__',`') FEATURE(`nullclient', `myiphere')

Re: Shell account cgi script

2005-09-07 Thread Stuart Henderson
--On 07 September 2005 10:40 -0500, L. V. Lammert wrote: There are always ways, .. but I would not consider recommending such sophisticated solutions for the basic user level of this poster. If it's necessary to ask questions of this nature, perhaps running a server automatically handing out

Re: terminfo.db

2005-09-07 Thread Stuart Henderson
--On 07 September 2005 18:32 +0100, MikeG wrote: If that is the case can anyone a way to get my new entries into terminfo.db, or extract all the existing ones into the expanded database format? See /usr/src/share/termtypes/Makefile Also what governs the width of pages generated by man(1)?

Re: [OT] Question about vpn and athorization between OpenBSD and Windows clients

2005-09-07 Thread Stuart Henderson
--On 07 September 2005 17:30 -0400, Dimitri Yioulos wrote: This takes the thread even OT, is the stealth mechanism built in, or is there a special directive to be added? It uses a pre-shared key, so it doesn't happen by default with TLS (read about tls-auth in doco to learn how to enable

Re: Migration to PF - some questions

2005-09-08 Thread Stuart Henderson
--On 08 September 2005 14:55 +0200, Stephan A. Rickauer wrote: If I understand correctly, pf has no 'forward' chain like netfiler (which is probably by design). I'm guessing at what netfilter 'forward chain' means here since (presumably like many people here) I don't have much need to admin

Re: Migration to PF - some questions

2005-09-08 Thread Stuart Henderson
--On 08 September 2005 16:32 +0200, Stephan A. Rickauer wrote: $if_in=xl0 $if_out=xl1 pass in on $if_in keep state pass out on $if_out keep state Ok, let's stick to that example. Imagine a firewall having three interfaces connecting Internet, LAN and DMZ. When I would like to allow SMTP

Re: adsl ppp tun questions and routing questions

2005-09-09 Thread Stuart Henderson
--On 09 September 2005 10:38 +0200, Eric Dillenseger wrote: You may want to check in /etc/ppp/ppp.link{up|down} or /etc/rc.conf(.local). Do you start ppp in /etc/rc ? as I can see, it starts before /etc/rc initializes the network and then another time Maybe in rc.local and hostname.tun0.

Re: pciide: DMA vs. ATA133

2005-09-12 Thread Stuart Henderson
--On 12 September 2005 16:24 -0500, Tony Lambiris wrote: We have some motherboards with (what we think) are the same chips and revisions with the same hard drives, but some drives are being detected as DMA and others as ATA133. Here is an example: pciide0 at pci0 dev 17 function 1 VIA VT82C571

Re: How to lock a user in his home.

2005-09-13 Thread Stuart Henderson
--On 13 September 2005 11:05 -0300, Leonardo Marques wrote: I wanna how to lock a user in his home, he cannot see any other directory, just his home. Someone how can i do this? stsh?

Re: how to diagnose IErr's

2005-09-13 Thread Stuart Henderson
--On 13 September 2005 17:39 +0200, -f wrote: if it causes Col's on half duplex, and then causes Ierr's on full duplex, then what is the problem? the modem or openbsd? there isn't a problem with collisions, they are correct and expected behaviour with half-duplex ethernet. the devices know

Re: SpamAssassin

2005-09-16 Thread Stuart Henderson
--On 16 September 2005 14:14 +0800, Robert Storey wrote: Hello folks. I'm trying to use SpamAssassin (not Spamd) on OpenBSD 3.7. I installed using the port mail/p5-Mail-SpamAssassin. Try the package, in case something went wrong with your port-building. It's not in the path, and I scoured

Re: PPP through console of Soekris 4801

2005-09-17 Thread Stuart Henderson
--On 17 September 2005 09:39 +1000, Rod.. Whitworth wrote: My question is: Will this be a reliable set-up for both purposes? Usually we have the console port running 9600 no handshakes. I'll bet RDP looks very sad on that setting. You probably know or can guess most of this anyway but it

Re: Wireless Strangeness

2005-09-20 Thread Stuart Henderson
--On 19 September 2005 20:24 -0400, Alex Kirk wrote: wi0 at pci0 dev 12 function 0 National Datacomm Corp NCP130 Rev A2 rev 0x01: irq 9 wi0: PRISM2 HWB3163 rev.B, Firmware 0.3.0 (primary), 1.7.1 (station), address 00:80:c6:e3:72:2c It's ancient but it should work. It was the most current

Re: HW: Wireles PCCARD

2005-09-20 Thread Stuart Henderson
--On 20 September 2005 14:45 +0200, Johan P. Lindström wrote: not confirm if there where revisions released of those cards. Now this differs from what I read on the manpage where supported chipsets are AR5210, AR5211 and AR5212. At Atheros site (http://www.atheros.com/pt/index.html) the

Re: PF performance question

2005-09-20 Thread Stuart Henderson
On 2005/09/19 14:30:14, Joe . wrote: I would check to make sure the nic is negotiating properly. It might be half duplex instead of full or something flakey etc. Check the output of ifconfig. That would show up in netstat -ni (Vinicius says he looked there). I have just been looking at a

Re: pkg_create error

2005-09-21 Thread Stuart Henderson
--On 21 September 2005 06:21 +, Edy Purnomo wrote: Recently, my OBSD 3.4 can not do any of port installation. Please advice. Looks like you're trying to use -current ports on an old OS, which won't work. A huge amount of work has been done on ports/package infrastructure between 3.7 and

Re: Userland Compilation Dies

2005-09-22 Thread Stuart Henderson
--On 22 September 2005 16:52 -0400, Chris wrote: I am trying to follow the stable branch, so updated my CVS for src, ports and X like so: # cd /usr # cvs -d$CVSROOT up -Pd* That's -current. Add -rOPENBSD_3_7 for 3.7-stable, or follow http://www.openbsd.org/faq/current.html updating beyond

Re: Dell 2650, Stupid Adaptec Controller, and Daily Crashes

2005-09-22 Thread Stuart Henderson
--On 22 September 2005 13:10 -0500, eric wrote: I have a Dell 2650 with an Adaptec controller. This machine is constantly crashing due to either a high load or some sort of a kernel panic. I know that Adaptec support was dropped in 3.7, and I wish I didn't have this piece of shit to deal with.

Re: is there a way to block sshd trolling?

2005-09-23 Thread Stuart Henderson
--On 23 September 2005 15:05 -0500, [EMAIL PROTECTED] wrote: My only question is what if I traceroute to you, find out the IP number of your upstream router? Then I make a bunch of connection attempts to your IP but forge the packets to make them look like they came from your upstream. The

Re: upgrade is it important ?

2005-09-24 Thread Stuart Henderson
--On 24 September 2005 08:53 +0700, Budhi Setiawan wrote: 1. how important to make our system (OS and packages) always up-to-date ( except with security reason of course ), because some people says you should update your system at least once a year Given the ease of upgrading OpenBSD, and

Re: slow ssh connect

2005-09-24 Thread Stuart Henderson
--On 24 September 2005 11:27 +0200, Simon Strandgaard wrote: I have openbsd 3.7 on an old P133. Connecting with SSH to the box takes near 20 seconds. Any ideas on how to make it go faster? Depending on your needs, either read about ControlMaster in ssh_config(5) and -M in ssh(1), or use the

Re: is there a way to block sshd trolling?

2005-09-24 Thread Stuart Henderson
--On 24 September 2005 13:31 +0100, ed wrote: What they did was to exploit gzip, I'm fairly certain. I could not apt-get of course and thus left helpless. I no longer have faith in user passwords. I do my best to prevent people using common user names (besides myself who uses 'ed' of course,

Re: PostgreSQL/other DBs and OpenBSD?

2005-09-25 Thread Stuart Henderson
--On 25 September 2005 05:30 -0800, Szechuan Death wrote: Question: Is there any really outstanding reason why a suitably- licensed database or fork thereof, e.g. PostgreSQL, couldn't be fully integrated into the OpenBSD distribution? Just a thought, you might find it easier to make a case

Re: Clamav problem

2005-09-26 Thread Stuart Henderson
--On 26 September 2005 07:47 -0500, James Harless wrote: One thing to check, make sure the timeout you have specified for the milter is long enough for it to actually scan the attachment. Also check the smtp-vilter backend timeouts. The default in /etc/smtp-vilter/{clamd,spamd,savse}.conf,

Re: altq confusion

2005-09-26 Thread Stuart Henderson
--On 26 September 2005 14:00 -0400, Chris Smith wrote: Both Jacek's book and the pf faq, http://www.openbsd.org/faq/pf/queueing.html, state that queueing is only useful for packets in the outbound direction. Yet, I find examples that show inbound traffic being sent to queues. .. What am I

Re: Which SATA controller to purchase

2005-09-26 Thread Stuart Henderson
--On 26 September 2005 15:07 -0400, Will H. Backman wrote: There could be a virtual store that lists things that are known to be well supported by OpenBSD ...and when some idiot vendor changes chips without changing product code, what then?

Re: Which SATA controller to purchase

2005-09-26 Thread Stuart Henderson
--On 26 September 2005 15:21 -0500, [EMAIL PROTECTED] wrote: i have thought about a store like this for about a year,but i suspect a virtual store wouldn't quite cut it due to the aforementioned chipset changing garbage. it would be interesting to open such a store from both to make it easier

Re: disk is full

2005-09-27 Thread Stuart Henderson
--On 27 September 2005 19:44 +0900, Dulmandakh Sukhbaatar wrote: I did # cd /usr # cp -i * /usr1 Something wrong? This doesn't copy permissions. A command like pax(1) or cpio(1) is good at preserving these. After reboot I can login as my non-root account and also with root account. But I

Re: OpenBSD Hardware Sales

2005-09-27 Thread Stuart Henderson
--On 27 September 2005 03:04 -0700, J.C. Roberts wrote: (an idiot who bought a MegaRAID ATA 133-2 thinking it would work with OpenBSD since MegaRAID was listed as supported) The new http://www.openbsd.org/lyrics.html#38 suggests it works too, and ami(4) and 'supported hardware' lists don't

OpenBGPD sizing

2005-09-28 Thread Stuart Henderson
How much RAM might I want in order to accept full views from 2-3 peers? Thanks.

Re: Trying to do stuff with PF

2005-09-29 Thread Stuart Henderson
--On 29 September 2005 17:17 +1000, 2ds wrote: Firstly I'd like to set up an openbsd router to send packets out two different internet connections based on port. this seems like a simple RDR to me but my attempts at this have failed. Read about route-to and reply-to in pf.conf(5), they're

Re: Blocking dhcp to some clients (airport extreme's)

2005-09-29 Thread Stuart Henderson
--On 29 September 2005 10:23 -0400, Bill wrote: Phooey on them. I was not aware that DHCP servers sent out any sort of advertisement or signal to override other equipment. dhcpd.conf(5) option authoritative /might/ have some bearing.

Re: hacking tftpd to support logging of file names transfered to syslog

2005-09-29 Thread Stuart Henderson
--On 29 September 2005 14:00 -0600, Whyzzi wrote: Side Note: I would ignore this path completely if someone can offer up a native OpenBSD way of running x86 32bit diskless thin clients connecting to a native AMD64 XWindows terminal server ;) . What's the actual problem you're having? A

Re: hacking tftpd to support logging of file names transfered to syslog

2005-09-29 Thread Stuart Henderson
--On 29 September 2005 15:52 -0600, Whyzzi wrote: tcpdump. ARGH! Why the hell didn't I think of that? Currently I'm ;) playing around with a couple of pre-built pxe loadable distributions - currently the one in question if ThinBSD (based on FreeBSD, thinstation is quite complicated, and

Re: Ports question

2005-09-29 Thread Stuart Henderson
--On 29 September 2005 20:36 -0500, J Moore wrote: Can someone tell me if and when the clamav in the -stable tree is going to have the security flaw patched? On Wednesday just gone. http://www.openbsd.org/cgi-bin/cvsweb/ports/security/clamav/Makefile

Re: Compatibility question for the New Sun X4100 server with 4FastEthernet as possible BGP routers, or stick with HP DL-145 G2?

2005-09-29 Thread Stuart Henderson
--On 30 September 2005 01:00 +0200, Henning Brauer wrote: reasonable price tag. I am uncertain what chipset they use, might be nForce, might be Via. As long as both GigEs and the SATA stuff works, and there's no other showstopper, I don't care.

Re: Etiquette re: unanswered questions

2005-09-29 Thread Stuart Henderson
--On 29 September 2005 20:54 -0700, Richard P. Koett wrote: This machine has two interfaces - 'ne3' facing the Internet and 'rl0' facing a small (3 computer) internal network. I am *assuming* that the log entries pertain to the external interface but tcpdump is not broken nic somewhere? bad

Re: Migration to PF - some questions

2005-10-01 Thread Stuart Henderson
--On 01 October 2005 04:43 -0500, Travis H. wrote: Ah, but the matching engine doesn't have to traverse the whole rule list that way. Unless pf is doing something really tricky, every packet will have to traverse every firewall rule without use of quicks. huh? Before any rules are evaluated,

Re: Migration to PF - some questions

2005-10-01 Thread Stuart Henderson
--On 01 October 2005 08:50 -0500, Travis H. wrote: huh? Before any rules are evaluated, the filter checks whether the packet matches any state. If it does, the packet is passed without evaluation of any rules. - pf.conf(5) Yeah, I neglected stateful matching. I should have said that every

Re: Netgear WG311 and ath driver on amd64.

2005-10-01 Thread Stuart Henderson
--On 02 October 2005 06:07 +1000, Brian McKerr wrote: Texas Instruments ACX111 rev 0x00 at pci0 dev 12 function 0 not configured That's not an ath, they've changed the chipset to TI (non-open, unfortunately). Unfortunately wireless chipsets change often, TI and Marvell are appearing from

Re: asus wl-138g

2005-10-02 Thread Stuart Henderson
--On 02 October 2005 20:38 +0200, Jernej Vodopivec wrote: Does anyone have any experience with asus wl-138g wlan pci card? I've only found model 130g at supported hardware.. Google: wl-138g chipset. First few hits say 'Marvell' - this is undocumented/unsupported (but increasingly common).

Re: PF - connections per machine

2005-10-03 Thread Stuart Henderson
--On 03 October 2005 20:00 +0100, Francisco Jose Nina Rente wrote: There is any way that i can limit the number of connections between a computer (on the LAN) and the router ? Yes, see pf.conf(5) - stateful tracking options. It's been mentioned here rather often...

Re: getting usb networking up on the Zaurus

2005-10-03 Thread Stuart Henderson
--On 03 October 2005 17:19 -0400, Chuck Robey wrote: Add to this the fact that it works, to/from FreeBSD to the original Linux on the Zaurus, using cdce on both ends. Client (aka target) mode is where the Z acts as a USB peripheral, not as a host. afaik you need the Linux distributed with

Re: getting usb networking up on the Zaurus

2005-10-04 Thread Stuart Henderson
--On 04 October 2005 12:28 -0400, Chuck Robey wrote: Note that you will need a Zaurus USB host cable for this, these don't come with the Zaurus and have to be purchased separately. Zhost cable, or I guess a 'digital camera mini USB lead' with AF-AF gender changer might do the trick. Well,

Re: Load Balancing

2005-10-05 Thread Stuart Henderson
nat on !($int_if) from $lan_net to any - gateway_addresses \ round-robin sticky-address That changes the source address on the packets, but doesn't affect where they're sent. Without reply-to/route-to, the route taken by an outgoing packet is dependent only on the destination address,

Re: High Interrupt Mode Reported by 'Top' for Soekris 4801

2005-10-06 Thread Stuart Henderson
--On 06 October 2005 16:00 -0600, Theo de Raadt wrote: If the Soekris did not come with ethernet chipsets which are just slightly over the bar of rl(4), the wimpy processor in the machine might be able to cope. Throughput is only marginally better using an em in the pci slot of a 4801. I

Re: dual DVI graphics card

2005-10-06 Thread Stuart Henderson
experiences setting it up? I've got my eye on the Matrox Millennium P750 card, but I can't find anything on any kind of support for OpenBSD (I'm not looking to run Linux, Solaris, or even FreeBSD all of which seem to have some sort of support). Their old cards used to be a good choice for

Re: dual DVI graphics card

2005-10-06 Thread Stuart Henderson
--On 06 October 2005 16:11 -0700, Aaron Glenn wrote: I had used Matrox cards exclusively up until Parhelia was released however long ago. I think my Millenium II card is still chugging along in a closet somewhere. From what I can tell on Matrox's site, the Parhelia and the Millenium P750 are

Re: Audio play too fast on AC97 onboard

2005-10-11 Thread Stuart Henderson
--On 11 October 2005 12:21 +0200, Marcin Wilk wrote: Audio play too fast on AC97 onboard Can anyone suggest some solution for me please ? http://archives.neohapsis.com/archives/openbsd/2004-01/0764.html

Re: very, very slow usb data transfer speed on 3.7

2005-10-11 Thread Stuart Henderson
--On 11 October 2005 12:39 -0400, Andrew Atrens wrote: Can someone point me to the cvs commit that fixes 'hlt hlt'. I'm thinking (hoping) it could easily be applied on top of 3.7 Release. google hlt hlt openbsd gives this: http://marc.theaimsgroup.com/?l=openbsd-cvs&m=111859519015510&w=2

Re: Blocking p2p via pf

2005-10-11 Thread Stuart Henderson
--On 11 October 2005 17:15 +0200, David Elze wrote: Apart from blocking ports I just see two possibilities: [..] You might investigate how many source states users would normally use for permitted protocols, how many states are involved with non-permitted use, and (ab?)use max-src-states

Re: Little log advice needed

2005-10-11 Thread Stuart Henderson
--On 11 October 2005 11:31 -0400, James Mackinnon wrote: I created a file that has the following info and made it executable to root and the wheel group and no access to everyone. This file sits in /usr/local/bin with the name logkick # !/bin/sh # this file is used to roll over the PFLog file

Re: two vpn endpoints ... 3 net connections

2005-10-13 Thread Stuart Henderson
--On 14 October 2005 08:32 +1000, Dave Harrison wrote: Here's my problem, I have a remote machine that has two links, one is high bandwidth but has bad latency, the other has low bandwidth but good latency. pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send ssh over the fast

Re: how to tell if I getting anything out of my hifn1411 card

2005-10-13 Thread Stuart Henderson
--On 13 October 2005 17:50 -0400, Andrew Atrens wrote: I know in FreeBSD/DragonFly I have a couple of tools to check to see if it's being engaged - hifnstats and cryptostats (in /usr/src/tools/tools/crypto), but I'm not sure if the equivalent exists for OpenBSD. You'll see something in the

Re: two vpn endpoints ... 3 net connections

2005-10-13 Thread Stuart Henderson
--On 14 October 2005 09:02 +1000, Dave Harrison wrote: Here's my problem, I have a remote machine that has two links, one is high bandwidth but has bad latency, the other has low bandwidth but good latency. pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send ssh over the fast

Re: ipsecadm group returns write: Invalid argument

2005-10-14 Thread Stuart Henderson
On 2005/10/13 23:36:11, Theo de Raadt wrote: By the way, I think a lot of you should start using isakmpd -a and ipsecctl and ipsec.conf more. It is a better way to use Ipsec. Looks like this allows ipcomp with IKE, am I correct?

Re: HOWTO on spamd+transparent bridge under OpenBSD

2005-10-14 Thread Stuart Henderson
On 2005/10/14 16:41:22, Graham Toal wrote: - Using the 3.7 ports tree on 3.6 is not recommended. The only install disk I have is 3.6. Any reason not to use cd37.iso? I'd rather forget about packages and use ports for everything (Speaking as someone compiling ports for -current on another

Re: how to tell if I getting anything out of my hifn1411 card

2005-10-16 Thread Stuart Henderson
--On 16 October 2005 11:04 -0400, Mike wrote: [3] Check carefully, many of these boards only support RNG Very carefully - you can't just go by model number; this was on undeadly: VIA is annoying because they don't say which particular CPU is on those EPIA mobos. The reason I'm saying

Re: 10 years T-shirt

2005-10-16 Thread Stuart Henderson
You could always step back in time and buy a 2.1 CD (or the whole set, if you're feeling rich) ...though installing even 3.7 feels like stepping back in time now (:

Re: wireless pci card problem

2005-10-17 Thread Stuart Henderson
--On 17 October 2005 07:41 -0500, Benjamin A. Collins wrote: I got a pci wireless yesterday. After the installation, the system reported that the following message:- rtw0 at pci0 dev 8 function 0 Realtek 8185 rev 0x20: irq 11 rtw0: ver RTL8185, rtw0: could not recall EEPROM in 1us rtw0:

Re: DISKLESS tutorial that need feedback

2005-10-22 Thread Stuart Henderson
On 2005/10/22 21:05:25, [EMAIL PROTECTED] wrote: But I see no difference to simple ASCII-Textfiles anymore Ahh, do you know of a nice simple console-mode pdf viewer then?

Re: Problem instaling OpenBSD on IBM xSeries 336

2005-10-23 Thread Stuart Henderson
--On 23 October 2005 11:29 +0200, Lukáš Macura wrote: When I look into BIOS, there is no possibility to do good irq routing. BIOS groups almost all devices to irq3 :( try a .mp kernel (even if you have 1 processor).
