1 Aug 2003 22:36
1 Aug 2003 01:21
Re: openbsd partitions suggestion
STeve Andre' <andres <at> msu.edu>
2003-07-31 23:21:04 GMT
2003-07-31 23:21:04 GMT
Chuck is saying something that is very important and should be listened to. The first couple of times I installed an OpenBSD system I got the partitions wrong. I figured this out after a few days of playing around, and rebuilt everything. It taught me how to save the important config files so I could do this in a small amount of time, and let me get things to where they were really useful. Plan on building up OpenBSD a half dozen times. It will come in handy when some emergency happens and you need to make up a new system quickly to replace a dead one. --STeve Andre' On Thursday 31 July 2003 03:18 pm, Chuck Yerkes wrote: > Install it. Build (from /usr/ports) what you want. > Play with it for a week. > Look at what it needs. > trash it > reinstall/repartition. > > Quoting Gëzim Hoxha (hgezim <at> yahoo.com): > > Hi, I'm G?zim Hoxha, and I'm new to his mailing list > > and to openbsd. I still have not installed it > > (OpenBSD). > > I have a machine with 13GB that I want to install > > openbsd on. In this machine I want apache, a mail > > server, ftp server, mysql, php, perl, and other things > > for a website. It's just gonna be a dedicated web > > server basically. I want to hear some suggestions as(Continue reading)
1 Aug 2003 01:32
Re: new bind
Nick Holland <nick <at> holland-consulting.net>
2003-07-31 23:32:29 GMT
2003-07-31 23:32:29 GMT
Jay Jennings wrote: > > Setting up Bind used to be in the Faqs Section 6. I noticed a few days ago > it is gone now, will it be retuning? No. The old section was on BIND4. OpenBSD shipped BIND4 long after almost everything else on the 'net was saying "Don't use BIND4 because it is 'insecure'" (btw: we were right, they were wrong.(Continue reading). Now that BIND9 is included with the base system, the BIND4 docs were no longer relevant... plus BIND9 is well documented elsewhere. My original plan was to leave the old document in place with a note at the top saying "This is for 3.2 and before, BIND9 is well docuemented elsewhere", and include a list of OpenBSD enhancements to BIND9 for the 3.3-release cycle. Well, apparently people couldn't read the note at the top, and kept telling me OpenBSD 3.3 included BIND9 not BIND4, so to simplify my life, I removed it (it was either that or use <blink></blink>, and as I got to look at it when maintaining it, that was out). There are certain things I don't really want to have in the FAQ. BIND and Sendmail are two of them. The reason is this: I don't want someone reading a few paragraphs and thinking they understand these topics. That's not the way it works. BIND is a complex tool as part of a complex system (the Internet DNS). Following a "HOWTO" document and thinking you are a capable DNS (or mail) administrator is just foolish, and I don't want to encourage that. The Sendmail book is something like 1000 pages. The BIND book is not
1 Aug 2003 01:38
Re: openbsd partitions suggestion
<fmartinez <at> trivergis.com>
2003-07-31 23:38:59 GMT
2003-07-31 23:38:59 GMT
i use this configuration.. / - 200M swap - 512M (varies) /spare - 1024M /var - 1024M /usr - 800M /usr/local - 1024M /home - 'free leftovers' this is for servers running all/some/none of php/perl/mysql/squid.. Frank > Chuck is saying something that is very important and should > be listened to. The first couple of times I installed an OpenBSD > system I got the partitions wrong. I figured this out after a few > days of playing around, and rebuilt everything. It taught me > how to save the important config files so I could do this in a > small amount of time, and let me get things to where they were > really useful. > > Plan on building up OpenBSD a half dozen times. It will come > in handy when some emergency happens and you need to > make up a new system quickly to replace a dead one. > > --STeve Andre' > > On Thursday 31 July 2003 03:18 pm, Chuck Yerkes wrote: >> Install it. Build (from /usr/ports) what you want.(Continue reading)
1 Aug 2003 10:30
Re: Dell 2650 with PERC3-DI will not boot
Marco Peereboom <slash <at> peereboom.us>
2003-08-01 08:30:13 GMT
2003-08-01 08:30:13 GMT
There is also a patch lingering in the archives that you want to apply. Works like a champ with ahc disabled. On the 2650 you can also go to RAID/RAID mode in the BIOS; this eliminates the need to disabling ahc. On Thursday 31 July 2003 15:35, Raymond Morsman wrote: > Op donderdag 31 juli 2003 22:30, schreef John Kaiser: > > I have a shiny new Dell 2650 that I would like to do an install on. > > It has the PERC3-DI mirrored scsi adapter. This adapter is on the > > hardware list and is shown as using the aac driver. > > Have you disabled ahc* from the kernel? It should do the trick: > > boot -c > disable ahc* > exit > > Raymond.
1 Aug 2003 01:41
Re: openbsd partitions suggestion
Nick Holland <nick <at> holland-consulting.net>
2003-07-31 23:41:58 GMT
2003-07-31 23:41:58 GMT
STeve Andre' wrote: > > Chuck is saying something that is very important and should > be listened to. The first couple of times I installed an OpenBSD > system I got the partitions wrong. I figured this out after a few > days of playing around, and rebuilt everything. It taught me > how to save the important config files so I could do this in a > small amount of time, and let me get things to where they were > really useful. > > Plan on building up OpenBSD a half dozen times. It will come > in handy when some emergency happens and you need to > make up a new system quickly to replace a dead one. > > --STeve Andre' > > On Thursday 31 July 2003 03:18 pm, Chuck Yerkes wrote: > > Install it. Build (from /usr/ports) what you want. > > Play with it for a week. > > Look at what it needs. > > trash it > > reinstall/repartition. And I'm going to add my voice here, too. What Chuck and STeve said. Do it. The idea that you can just do your first install and be "right" is so silly. No one hands a first time driver the keys to a Formula One race car and says, "Ok, you are running the race in five minutes.(Continue reading)
1 Aug 2003 02:49
Re: blocking new version of kazaa
Ben Goren <ben <at> trumpetpower.com>
2003-08-01 00:49:32 GMT
2003-08-01 00:49:32 GMT
On Wed, Jul 30, 2003 at 10:06:36PM -0400, Nick Holland wrote:
> Anyway, you set up a DNS resolver for your network, but you
> "poison" it with little tidbits...for example, instead of doing
> a "proper" search to find out what *.kazaa.com is, just tell the
> resolver to ask that program over there...which happens to
> respond "192.168.1.10", "127.0.0.1" or some other address within
> your network for EVERY question it is asked.
Since Nick is using that unclean DNS server, I thought I'd just
chime in with how you'd do it with the real manly man's DNS
server. I haven't upgraded to BIND 9 yet, but I can't imagine it
being *that* different....
Anyway, in your /var/named/named.boot file, add a line like this:
primary kazaa.com kazaa
(Of course, you'll have to set up BIND to work properly for
evrything else, too. If you don't know how, learn before you try
to do this kind of poisoning.)
Then, /var/named/namedb/kazaa will look like:
kazaa.com. IN SOA dns.example.com. myemail.example.com. (
2003073101 ; serial
10800 ; refresh
3600 ; retry
3600000 ; expire
86400 ) ; minimum
(Continue reading)
1 Aug 2003 03:52
Re: blocking new version of kazaa
Oblek <oblek <at> lug.stikom.edu>
2003-08-01 01:52:58 GMT
2003-08-01 01:52:58 GMT
This setup took me 8 minutes to complete: 1. install dsniff 2. edit dnsspoof.hosts 3. run dnsspoof it was simple enough, that my granny can do it :) > On Wed, Jul 30, 2003 at 10:06:36PM -0400, Nick Holland wrote: > > > Anyway, you set up a DNS resolver for your network, but you > > "poison" it with little tidbits...for example, instead of doing > > a "proper" search to find out what *.kazaa.com is, just tell the > > resolver to ask that program over there...which happens to > > respond "192.168.1.10", "127.0.0.1" or some other address within > > your network for EVERY question it is asked. > > Since Nick is using that unclean DNS server, I thought I'd just > chime in with how you'd do it with the real manly man's DNS > server. I haven't upgraded to BIND 9 yet, but I can't imagine it > being *that* different.... > > Anyway, in your /var/named/named.boot file, add a line like this: > > primary kazaa.com kazaa > > (Of course, you'll have to set up BIND to work properly for > evrything else, too. If you don't know how, learn before you try > to do this kind of poisoning.) >(Continue reading)
1 Aug 2003 04:10
IPsec FAQ
Nick Holland <nick <at> holland-consulting.net>
2003-08-01 02:10:21 GMT
2003-08-01 02:10:21 GMT
Sorry for the overdue-ness of this note... I think I probably owe everyone a note about why I did the rather drastic act of blanking out an entire section of the FAQ without replacing it with anything. The section was obsolete and not being actively maintained in the way it needed to be: namely, when critical changes are made, that they get back into the FAQ. YES, there was a lot of good information in faq13.html, but there is also a lot of inaccurate info. I do not feel it is appropriate to expect users to guess what is good and what is not. The trickle of "fix this" "this changed" etc. that came in wasn't resulting in a good document, just something that was slightly less wrong. Yes, I want a new IPsec FAQ. I would welcome any old parts from the old faq13.html that are appropriate. However, based on the number of IPsec questions on the mail lists (and the resounding lack of "Read the FAQ, dammit!" responses), I don't think simply correcting what was there is sufficient. This is why I wiped it out, to free people from feeling they had to "tweak" the existing document. If there is good stuff from the old document you want, GREAT, it is in cvs, and it will remain there. But don't feel any need to retain any amount of it. Unfortunately, I do not have the qualifications to write a good IPsec document at this time, and the time required for me to get "up to speed" will basically prevent me from getting any other FAQ work done...and there is a LOT I want to do.(Continue reading)
1 Aug 2003 04:16
Re: isakmpd problem
Brian A. Seklecki <lavalamp <at> spiritual-machines.org>
2003-08-01 02:16:59 GMT
2003-08-01 02:16:59 GMT
On Thu, 2003-07-31 at 06:55, Nico Schottelius wrote: > Brian A. Seklecki [Wed, Jul 30, 2003 at 05:10:59PM -0400]: > > On Wed, 2003-07-30 at 13:09, Nico Schottelius wrote: > > > Hello! > > > > > > I know this is an OpenBSD list, but I have an isakmpd problem on Linux. > > > I hope you still can help me, as I didn't find any other ML! > > > > > > I am trying to establish a simple tunnel.. > > > > > > > This looks very generic. The logs appear to be adding a SA entry the > > SAD. How do you view the kernel SAD in Linux? > > that's a good question. I have no tools (like I think pf in *bsd), > but I am examining the proc interface right now....and I cannot find > anything! Which linux IPSec implantation is it? How is isakmpd(8) interfacing the kernel? > > > > That's the first thing > > I'd do is forget 160k of isakmpd(8) debugging output and try to find out > > if SA entries are getting added. > > good..at least another point to search for.. > > > When you say "no pings go through", are you talking about your GRE(Continue reading)
RSS Feed