Questions tagged [openbsd]
OpenBSD is a free, multi-platform 4.4BSD-based UNIX-like operating system with a focus on security, portability, standardization, code correctness, proactive security and integrated cryptography.
225
questions
26
votes
11
answers
20k
views
Is anyone else using OpenBSD as a router in the enterprise? What hardware are you running it on? [closed]
We have an OpenBSD router at each of our locations, currently running on generic "homebrew" PC hardware in a 4U server case. Due to reliability concerns and space considerations we're looking at ...
24
votes
2
answers
8k
views
Authenticating OpenBSD against Active Directory
Edit: Reformatted this as Q&A. If anyone can change this from Community Wiki to a typical question, that's probably more appropriate as well.
How can I authenticate OpenBSD against Active ...
22
votes
2
answers
42k
views
Why does tomcat7 log into both catalina.out and catalina.YYYY-MM-DD.log?
On OpenBSD 5.2, the default installation of tomcat-7.0.29 seems to be logging all errors into both catalina.out and catalina.YYYY-MM-DD.log.
Cns# ll /var/tomcat/logs/catalina.*
-rw-r--r-- 1 _tomcat ...
13
votes
6
answers
5k
views
OpenBSD, FreeBSD: your update philosophy?
I've used FreeBSD for about 5 years - server/Desktop - and I've tended to take my apt-get/yum upgrade everything habits along with me ( I admin Debian/RHEL/Cent boxes as well -- I know, I know ......
9
votes
1
answer
3k
views
OpenBSD route via different gateways which have same IP but on different interfaces
I have multiple VPN connections which use the same gateway IP (I do not have the ability to change this as it is out of my control). These VPNs all provide access to different networks, and the ...
8
votes
4
answers
3k
views
OpenBSD/FreeBSD Firewall w/ GUI that is compatible with Intel 82574L Gigabit LAN NICs
I recently purchased a server to run m0n0wall or pfSense but I've learned since then that both of these firewall products are based on versions of FreeBSD which weren't yet compatible with the NICs in ...
8
votes
1
answer
9k
views
Send trunk directly to vm in HyperV 2012
I'm setting up OpenBSD as a VM in HyperV 2012. It would be easier for me to just create one interface on the vm and have OpenBSD take care of setting up the vlans.
Is it possible to tell HyperV to ...
7
votes
7
answers
13k
views
Linux equivalent of pfsync+carp for failover firewall/routing
I'm currently using a linux box to handle my firewall/NAT using iptables. It has two NICs, one link to a LAN switch, one to our egress Internet provider. I'm looking at upgrading this box to two boxes ...
7
votes
2
answers
4k
views
Can I create a pf rule involving MAC address instead of IP?
The title is self explanatory.
I want to create rules in pf running on OpenBSD 4.9 for a particular MAC address, something like
pass in on eth0 from mac 00:04:34:5f:34:33 to mac 34:32:34:06:5e:22
I ...
7
votes
1
answer
2k
views
Multi-homed OpenBSD system: Policy based routing vs. mpath default routes
TL;DR Will OpenBSD policy based routing help with a multi-homed server/gateway situation? If so, how do I configure it?
Long Form
I'm managing an OpenBSD with two ISP links and VPN tunnels to ...
6
votes
2
answers
793
views
Which BSD best suited to run as VMware guest?
I want to deploy a VM to serve DNS and files (via NFS) to other *nix systems in my infrastructure.
Due to reasons beyond my control, I need a very light OS, so I naturally choose the *BSD family.
...
6
votes
5
answers
5k
views
How do I spamtrap with Postfix?
How do I setup spamtraps with Postfix so clients that send to trapped addresses are prevented from sending me more spam?
6
votes
3
answers
3k
views
Modern open source NIDS/HIDS and consoles? [closed]
Years back we set up an IDS solution by placing a tap in front of our exterior firewall, piping all the traffic on our DS1 through an IDS box and then sending the results off to a logging server ...
6
votes
1
answer
3k
views
How to run VmWare tools in OpenBSD4.5 with VmWare server 2.0.X
For testing purposes I frequently run OpenBSD in VmWare, before version 2.0.x, tweaking the vm type and using Freebsd compatibility mode made the job but this does not work anymore with VmWare server ...
6
votes
2
answers
3k
views
Setting up IPSEC on LAN between two hosts (OpenBSD)
Trying to use IPSEC between two hosts on a LAN. No VPN involved
Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party.
Two ...
6
votes
3
answers
2k
views
OpenBSD default gateway outside subnet
My ISP offers IPv6 by default. However, my ISP's IPv6 setup appears to be a bit strange because the default IPv6 gateway is located outside of my server's subnet. Under linux it is possible to setup a ...
6
votes
1
answer
360
views
OpenBSD not responding to arp queries
I am setting up an OpenBSD system as a router, I have one interface as the upstream, then another with a vlan configured:
Upstream(em0):
inet 10.0.2.20 255.255.255.0 NONE description upstream
...
5
votes
4
answers
7k
views
How do I count the number of processors on an OpenBSD system?
How can I determine the number of CPUs on an OpenBSD system, using either system tools or C code?
The technique I know of to count CPUs on other BSD platforms -- checking /var/run/dmesg.boot for ...
5
votes
3
answers
5k
views
OpenBSD: Gateway outside subnet (works in Linux)
We need to set up an OpenBSD host to use a default gateway that's outside of its subnet. This is all I need to do on Linux (not the actual IPs) to achieve it:
ifconfig eth0 33.33.33.33/31 up
route ...
5
votes
1
answer
8k
views
OpenBSD: How to use `relayd` and `httpd` for redirecting subdomain requests
Situation
I created the following setup on OpenBSD:
So I have my OpenBSD server on 192.168.1.250 redirecting all http-requests to the host-vm on 192.168.30.2.
The host-vm itself operates nginx for ...
5
votes
2
answers
5k
views
How to block MAC address in pf firewall
I want to block a particular MAC address on PF firewall. I know PF firewall works on Layer 3, i.e. it operates on IP addresses rather than MAC addresses. But is there any way to block the MAC address ...
5
votes
2
answers
459
views
Portable firewall rules for Linux and Free/Net/Open/DragonFlyBSD
I need to apply the same rules (lists of IPs with allow and drop rules) in firewalls of Linux and *BSD. Do you know some application (CLI) to convert a list of rules in the specific format of each ...
5
votes
1
answer
2k
views
Request multiple IP-addresses via DHCP on a single physical interface (OpenBSD)
On OpenBSD, is it possible to request multiple IP-addresses via DHCP on a single physical interface? It looks like DHCP leased addresses can't be assigned as aliases. I thought of creating a virtual ...
5
votes
1
answer
882
views
BSD 50% interrupt utilization in irq0/clock
On OpenBSD on an Atom 450, with HPET configured in the BIOS and not, also with Hyperthreading/ACPI on-off, nothing seems to make a difference.
Here's my vmstat -iz
# vmstat 2
procs memory ...
4
votes
3
answers
16k
views
redundant openvpn configuration
I have two openbsd nat/firewall boxes with carp for failover / high availability purposes. What would be the best possible practice to ensure that OpenVPN, which I plan on running on these boxes, ...
4
votes
6
answers
13k
views
PXE Boot - Linux server & OpenBSD client
I have an old machine here I'm trying to setup as a diskless client running OpenBSD, booting from my fedora 10 machine.
I've setup tftp and dhcp and both appear to be correct, yet the client just ...
4
votes
3
answers
4k
views
OpenBSD has open ports in default installation
I have been considering replacing Ubuntu with OpenBSD to improve the security on my local server. I need to have ssh access to it, and I also need it to serve static web content - so the only ports I ...
4
votes
3
answers
7k
views
NFS mount "hanging" when accessing from a server on a different subnet
Here's a problem which I am at a loss to diagnose:
Our user home directories are served via NFS from an Apple XServe running Mac OS X 10.5.7. Normally they are exported to our default office subnet, "...
4
votes
2
answers
14k
views
Getting IPTables to properly forward NTP traffic
I have the following setup:
NTP
10.21.3.169
|
|
10.21.3.160 (eth1)
Linux
10.0.0.67 (eth0)
|
|
10.0.0.65 (pcn1)
OpenBSD
The idea is to allow the NTPD client (not ...
4
votes
1
answer
3k
views
What's the proper way to get smtpd (OpenSMTPD) to pick up changes to smtpd.conf?
I'm new to OpenBSD and in the process of learning OpenSMTPD. I would have expected some sort of "restart" option from the smtpctl command, but it only has a stop with no start which might force a ...
4
votes
1
answer
8k
views
502 Bad Gateway Error Nginx connect() to unix:/tmp/unicorn.sock failed
This is my first question on Server Fault. I could not find a solution to this while searching the web.
I am working on an OpenBSD server running Nginx, which I did not set up, that is throwing a 502 ...
4
votes
1
answer
815
views
OpenBSD Apache version 1.3.29? [closed]
I recently installed OpenBSD and went to check the version of Apache HTTPD and when I run httpd -v it tells me the version is Apache/1.3.29 (Unix). Surely this can't be right? I am using the latest ...
4
votes
2
answers
1k
views
home, end, delete, pageup, pagedown with ksh
I want to use home, end, delete, pageup, pagedown with ksh. My TERM is
xterm-color. These keys work fine with tcsh and zsh, but not with ksh
(print a tilde ~)
I found this:
bind '^[[3'=prefix-2
...
4
votes
1
answer
1k
views
Changing PF rules on the fly to mitigate damage of DDoS (OpenBSD 6.4)
This is a two part question, really. Keep in mind that I am a developer not a system admin, but being the only employee in the company, I wear ALL the hats.
I have deployed my server with two ...
4
votes
3
answers
6k
views
tuning tips for CPU load for OpenBSD guest on qemu-kvm Server
I have a CentOS KVM Server running 1 OpenBSD, 1 CentOS and 2 FreeBSD guests.
Only the OpenBSD guest has a higher CPU load on the KVM Server. 8-10% on Server whilst Guest is at idle.
The only service ...
4
votes
1
answer
170
views
pfctl in OpenBSD and FreeBSD
I've noticed that both FreeBSD and NetBSD have extra pfctl options:
pfctl [-AdeghmNnOPqRrvz]
But OpenBSD doesn't, it's missing around five of the extra options:
pfctl [-deghnPqrvz]
I would have ...
4
votes
1
answer
5k
views
OpenBSD pf port forwarding multiple rules
I have a few dozen servers behind OpenBSD firewall with port forwarding. Most rules are very similar and differ only in IPs or sometimes in ports forwarded, so I want to compact them to remove ...
4
votes
1
answer
194
views
Is reverse DNS a good method for promoting grey IPs from trusted domains to white?
I'm trying to set up a mail server using OpenBSD, OpenSMTPD, spamd, and pf. The first problem I've encountered is that many large webmail providers - like Gmail - will retry delivery from a different ...
4
votes
1
answer
2k
views
OpenBSD automatic filesystem check at reboot
I want my OpenBSD server to boot, no matter what and don't break with waiting for manual FSCKing. It's easy to do in linux, but in obsd it just doesn't want to be "auto". Last time I set the 6th,7th ...
4
votes
1
answer
2k
views
DNSSEC and IPSec DNS Server and DNS Client Configuration
I'm about to deploy DNSSEC for some of my domains and as I was getting ready I did some reading on the subject. I came across some Microsoft Technet articles talking about Name Resolution Policy Table ...
3
votes
2
answers
9k
views
dhcpd.leases file manually edit
I have OpenBSD 4.8 serving as Gateway & DHCP Server.
By mistake, when reinstalling one of the workstations (it is Windows 7) it gets the same name as it was before (i.e. workstation-PC).
So now I ...
3
votes
1
answer
3k
views
Provide IPv6 to network from OpenBSD firewall
I have an OpenBSD PF firewall that I have added an IPv6 tunnel to (using HE.net tunnelbroker).
I can ping/traceroute IPv6 addresses from the firewall. Now I want to provide IPv6 services to the ...
3
votes
1
answer
1k
views
OpenBSD relayd forward to web server based on HTTP request path
I have two web servers running on my machine. One is listening on port 8080 and the other on 8081.
$ curl http://localhost:8080
I am the API
$ curl http://localhost:8081
<html> <head>&...
3
votes
4
answers
3k
views
OpenBSD and filesystem snapshots
What is the best solution, if any, for carrying out LVM style filesystem snapshots on OpenBSD?
3
votes
3
answers
803
views
ichiic0 errors on OpenBSD 4.4
I have four identical nodes built on Supermicro 1025TC-TB hardware running OpenBSD 4.4. Two of the nodes are routers and two are load balancers. Each set is running in active/passive configuration ...
3
votes
1
answer
4k
views
Why am I getting errors in my HAProxy content switching config?
I'm migrating some infrastructure from multiple servers hosting specific sites to a load-balancing architecture using HAProxy 1.3.15.7 on OpenBSD 4.6 macppc. Naturally, I'm starting with configuring ...
3
votes
1
answer
679
views
Why can not add subversion package to my OpenBSD 4.5 machine?
I have an OpenBSD 4.5 on a virtual machine. I configured the net and my machine can connect to the OpenBSD FTP repository in Canada (ftp.openbsd.org) correctly. But when I execute this line:
...
3
votes
1
answer
441
views
Why does spampd fail with socket connection failure on openbsd?
I'm having some trouble getting spampd to work in OpenBSD. First off, if I try to specify the daemon flags in my /etc/rc.conf.local like so:
spampd_flags="--port=10025 --relayhost=127.0.0.1:10027 --...
3
votes
1
answer
2k
views
OpenBSD routing: Cannot reach gateway from IF configured to static block
When trying to set up an OpenBSD router I've run into an apparent routing problem.
I have a 1U machine with 6 gigabit NICs (em0-em5). My ISP provided me with the following:
xx.xx.97.246/28 static ...
3
votes
1
answer
1k
views
Forcing a password change on OpenBSD
On OpenBSD 5.6 I need to provision a number of user accounts with default passwords. I would like users, upon their first SSH login, to be forced to change their passwords from the default.
On CentOS ...