openbsd-misc mailing list

received@postcard.org
You have just received a virtual postcard from a friend !

You have just received a virtual postcard from a friend !

You can pick up your postcard at the following web address:

http://annapurna.ifj.edu.pl/~jolanta/cgi-bin/postcard.exe

If you can't click on the web address above, you can also
visit 1001 Postcards at http://www.postcards.org/postcards/
and enter your pickup code, which is: d21-sea-sunset

(Your postcard will be available for 60 days.)

Oh -- and if you'd like to reply with a postcard,
you can do so by visiting...

Apr 19, 9:26 am 2008
hogo hogo
Installation problem

Hello, I experience troubles during installation onto a new pc.
At the beginning of the installation on the stage of hardware initialization
the core prints a few strings "Unknown Device", then 2 "Unconfigured Device"
and then once again "Unknown Device".
These strings appear during USB devices initialization.
After that, hardware initialization process halts completely, no more strings
appear on the screen,
I waited for an hour, but the install program didn't run. It halts for some
reason during har...

Apr 19, 1:29 pm 2008
Unix Fan
Re: Crash with acpi enabled

Yes, the command opens /dev/mem and dumps the raw ACPI tables...

-Nix Fan.

Apr 19, 12:57 pm 2008
Moe Sizlak
Re: timeouts on http connects outbound

To follow up on this question I have updated my sysctl settings, changed
pf.conf and added the scrub out line recommended.

Also my dist is 4.3 openbsd flashdist. (not 4.2)

Result of all changes proposed: No change.

Pages like http://marc.info etc still time out.

updated settings are:
------------------------------------------------------------------------------------
# $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and e...

Apr 19, 12:31 pm 2008
Felix Kronlage
Looking for someone with a Sierra Wireless 3G USM modem 875U

hi,

I am looking for someone who has a 875U modem from Sierra Wireless.
This is an external usb-attached HSDPA / UMTS modem[1].
If anyone has this, please contact me off list.

thanks,
felix

[1] <url: http://www.sierrawireless.com/product/ac875U.aspx>
--
GPG/PGP: D9AC74D0 / 076E 1E87 3E05 1C7F B1A0 8A48 0D31 9BD3 D9AC 74D0
http://hazardous.org/~fkr - fkr@hazardous.org - fkr@silc|irc - FKR-RIPE
https://www.bytemine.net/ - bytemine - BSD based Hosting/Solutions/Ideas

Apr 19, 11:54 am 2008
Vikas N Kumar
pf and hosts.deny

Hi

I have OpenBSD 4.2 on a Pentium II laptop running fine, with its ssh port 22
open to the web. However, there are a lot of attacks on that port from
various IP addresses across the globe. Even though I have set maximum number
of tries to just 2, I would like to be able to note down the IP address
(after say 10 unsuccessful login attempts) from where the attacks are coming
in and then dynamically add them to hosts.deny for the next few days or
permanently.

Can pf do this ? I read the manual but...

Apr 19, 10:02 am 2008
Lars Noodén
Re: pf and hosts.deny

Ok. I'm slow enough writing that others have started to answer also...

Working with hosts.deny is not a pf feature, but it might be glued
together.

As Curt just answered, PF tables are an option. See also
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf

I am getting good mileage out of "The Book of PF", and tables are
covered there pp 67-71 and pp 31-32. Maybe using PF's tables is enough
for you.

There are at least four pieces that might be useful if you really want a
script to a...

Apr 19, 12:13 pm 2008
Henri Salo
Re: pf and hosts.deny

On Sat, 19 Apr 2008 10:02:50 -0400

There was a topic in a misc 2008-04-16 with subject "PF ssh bruteforce
logging and blocking". You should read it.

--
Henri Salo <fgeek at hack.fi> +358407705733
GPG ID: 2EA46E4F fp: 14D0 7803 BFF6 EFA0 9998 8C4B 5DFE A106 2EA4 6E4F

Apr 19, 11:36 am 2008
Curt Micol
Re: pf and hosts.deny

On Sat, Apr 19, 2008 at 10:02 AM, Vikas N Kumar

I think this is what you want:
http://home.nuug.no/~peter/pf/en/bruteforce.html

--
# Curt Micol

Apr 19, 10:27 am 2008
Nicolas Letellier
Re: Beep-media-player and esd

Landry Breuil wrote:
> On Sat, Apr 19, 2008 at 01:19:50PM +0200, Nicolas Letellier wrote:
>> Hello ports@
>>
>> I upgraded to 4.3-current (from 4.3-stable) and I installed
>> audio/beep-media-player and I see it requires esound be launched. Why?
>> So, I must launch esd before (and esd plays a sound at the
>> beginning). I don't remember I had to do this before...
>> Beep-media-player worked perfectly without my having to launch esound.
>
> 4.3-stable doesn't really...

Apr 19, 8:58 am 2008
bofh
Re: wpa now in current?!

oops, meant to send to misc

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity." --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted." -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=relate...

Apr 19, 8:51 am 2008
Stuart Henderson
Re: Crash with acpi enabled

If you (and anyone else) want to follow http://spacehopper.org/acpi.txt
I'll collect acpidump from broken systems and put them in one place for
any developers who want to look (cvs:~sthen/acpi).

Apr 19, 8:18 am 2008
Steve Shockley
Re: Crash with acpi enabled

No problem. Presumably acpidump will work on a kernel with acpi disabled?

Apr 19, 11:36 am 2008
Stuart Henderson
Re: hoststated/relayd and Linux's tcp_tw_recycle option

"Work is underway at the moment to suppress these messages in further
releases of Red Hat Enterprise Linux but is not a high priority
because of the messages' benign nature."

Oh so clever.

Apr 19, 6:02 am 2008
Stuart Henderson
Re: timeouts on http connects outbound

Read "MTU/MSS ISSUES" in pppoe(4). This is most likely your problem,

These are already covered by "block all", not your problem but
etc.

"keep state" and "flags S/SA" are set by default now, not your problem
but leaving them out makes for an easier-to-read ruleset.

If you still have problems after fixing MTU then try "keep state"
rather than "modulate state". if you still have problems after that,
pfctl -x misc, and look at the logs.

Apr 19, 5:11 am 2008
Stuart Henderson
Re: Is there a "badblocks"-equivalent for OpenBSD?

Alternatively, you can use pkg_mklocatedb(1).

Apr 19, 4:56 am 2008
ropers
Re: Is there a "badblocks"-equivalent for OpenBSD?

Geez, I'm an eejit.

Agreed. I see 3 usage areas for badblocks -svn:
- To intermittently proactively check whether my existing HDDs are dying.
- To intermittently check if my remaining floppies have still
survived. (I keep 2 copies of each floppy and chuck out the ones that
have gone bad, and make a new copy, so unless both copies go bad in
the same interval, I'm good.)
- To check whether any old HDDs that I'm given for free / that I pick
up off the kerb / that I pull out of a skip are still ...

Apr 19, 12:27 pm 2008
Edwin Eyan Moragas
poll(2) vs kqueue(2) performance

Hi all,

been reading the select(2) man pages and it mentions poll(2)
being more efficient in most cases. this makes it obvious to
discard the use of select(2) in writing new servers.

i've come across some performance benchmarks which is trying
to use kqueue(2).

the question is, which one is more useful when writing new servers?
kqueue or poll?

--
garnet:jasmin:beryllium:gluon
90-12264
90-B

Apr 19, 1:27 am 2008
Jonathan Schleifer
Re: poll(2) vs kqueue(2) performance

poll is more portable, while kqueue should be more performant (at
least, that's why it was invented). If your app only needs to run on
OpenBSD, NetBSD and FreeBSD, you're just fine with kqueue, otherwise
use poll. Generally, I think it's better to use poll and sacrifice that
unnoticeable performance gain.

--
Jonathan

Apr 19, 5:43 am 2008
Eric Faurot
Re: poll(2) vs kqueue(2) performance

On Sat, 19 Apr 2008 13:27:34 +0800

The more useful is event(3).

Eric.

Apr 19, 4:17 am 2008
Edwin Eyan Moragas
Re: poll(2) vs kqueue(2) performance

Hi Eric,

i've been looking also at libevent and libev, both of which are excellent
libraries. however, i'm more interested in simpler system calls rather
than the libraries.

thank you for pointing this out. interesting that openbsd has libevent

--
garnet:jasmin:beryllium:gluon
90-12264
90-B

Apr 19, 4:38 am 2008
Theo de Raadt
Re: poll(2) vs kqueue(2) performance

select requires that you set up a bit array correctly. but often
people just use a fd_set, and cause a variety of strange buffer
overflow cases as soon as their fd's happen to be greater than the bit
size of the fd_set.

the kernel has to iterate over these bit arrays a few times.

for everyone involved, poll is just plain cheaper.

finally, go look at the latest commit to lib/libc/net/res_send.c to

use poll. it is easier to use -- the behaviours are less surprising.
it is also much more ...

Apr 19, 1:50 am 2008
Edwin Eyan Moragas
Re: poll(2) vs kqueue(2) performance

thank you, Theo.

poll it is. again, many thanks.

--
garnet:jasmin:beryllium:gluon
90-12264
90-B

Apr 19, 2:46 am 2008
Moe Sizlak
timeouts on http connects outbound

Hi all,

Recently I moved from freebsd 6 to openbsd 4.2 but have had some problems.

I get a lot of timeouts on web pages with a high number of hops and I think
it may be something to do with either pf and/or sysctl.

Any help in diagnosing these timeouts much appreciated.

(box is soekris net5501 with three internal lans nat'd outbound.)
------------------------------------------------------------------------------------

sysctl -w net.inet.ip.forwarding=1
sysctl -w net.inet.tcp.mssdflt=145...

Apr 18, 9:39 pm 2008
Daniel Melameth
Re: timeouts on http connects outbound

You might have an MTU/MSS issue. man 4 pppoe and see if this

Apr 19, 2:23 am 2008
Josh Grosse

Apr 18, 8:32 pm 2008
Claer
Re: CARP LAN outgoing IP address

Did you try to NAT the LAN interface with the carp address? It should
work for self outgoing traffic too. The problem is, if the connection is
issued from the backup firewall you will lose the connection. To bypass
this limitation, you can use ifstated and pf tables.

- If the LAN interface is in master mode : add the carp address to
the NAT table

- If the LAN interface is in backup mode : remove the carp address from
the nat table

Claer

Apr 19, 4:39 am 2008
Gábri Máté
Re: CARP LAN outgoing IP address

Thank You for all your help!

It seems that we found a workaround for this problem and we don't have to
tamper with the firewall.
Mod_rpaf on the webservers will rewrite the incoming IP address.

--
Gabri Mate
gabrimate@duosol.hu
http://www.duosol.hu
Tel: 20/589-5456

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc ]

Apr 19, 9:10 am 2008
ropers
Re: Is there a "badblocks"-equivalent for OpenBSD?

THANK YOU! :) I had wondered why I couldn't find badblocks among
OpenBSD's packages. This explains it. I will say in my defense ;-)
that badblocks is not ext2-specific, so while I have now seen that
it's part of these tools, possibly for historic reasons, that's not
necessarily a logical place for it to be.

Looking at the package contents (
http://www.openbsd.org/4.2_packages/i386/e2fsprogs-1.27p5.tgz-contents.html
), I've also figured out how to search for stuff like this in the
future:

http...

Apr 18, 8:19 pm 2008
Travers Buda
Re: Is there a "badblocks"-equivalent for OpenBSD?

I don't know if anyone brought this up, and I hate to state the
obvious, but if you're getting bad blocks then the hard drive has
exhausted its ability to deal with them on its own and should be
replaced. Otherwise you'll see data loss/corruption and a higher
probability of a total drive failure.

--
Travers Buda

Apr 19, 12:41 am 2008
Ted Unangst

Apr 18, 9:28 pm 2008