Just a one off, but Cisco does not make anything that has a nice backplane or can handle the full load. Fill a Cisco switch/router with all the stuff Cisco says it will support and run all the ports full of traffic at wirespeed. Blam. Box will tank. If you want the full load, Juniper or Foundry. Just my opinion based on 10 years of building large networks.
That being said, a Cisco will run rings around a PC running some hacked routing software in most cases.
Lycos is not auto-grabing the urls from the spam. It is having someone open the spam, verify it is spam, verify the end link url for the Viagra or such. Only then is the site added to the target list. Lycos has said that they are not trying to take down the site but cost it money. Seems that they did not write their software right to take into account that everyone and their grandmother hates the spammers and would install it. So a few spam sites went down. I am of the opinion that this is a good thing. They should change their software so it does DoS the site. Having been/worked on large networks I can say that a DoS will 99% of the time only affect the hosting company and the people that sell them the pipe and most likely only at that pipes termination. (Also it is not a true DoS in the sense that the software request the page and completes the transaction!) And I say so the fuck what!?! The hosting company should get screwed for hosting the spammer.
It is about time we (the collective geeks) do something real about spam. Sure I have SA and all that installed but it is a pain, cost us money (time and hardware). Spammers should be shot. Spammers website should be hacked and cracked and trashed. The companys that knowingly host them should get the same. Their are no laws or police that can fix this chaos we call the Internet. It is up the the users to handle the shitheads.
It is time to declare ALL OUT WAR SPAMMERS. Let our motto be "Victory or....NO CARRIER!!!"
Can you or someone enlighten me to why you would want to run an OS such as Linux on a Cisco? For me a router is a router. If it supports the routing of packets, handles QoS for stuff, has SNMP so I can pull stats (or netflow or other such stuff), has a secure login for management then I am good. In the design of a network there is a place for the router, firewall, switch, load balancers and servers. In some cases it is nice to combine them, Router/Firewall or Server w/Firewall but I am not sure about running an OS such as Linux on a Cisco. Besides, have you seen the speed of the CPU in a Cisco? 83MHz PPC to around 300MHz PPC.
I deployed about 30 of the largest CacheFlow boxen back before the company when public (1998 timeframe) on a network with close to a million DSL users. Worked just fine. Talk to me when you have run a network with 32 OC-12, 500+ Sun servers, 1000's of DS3 spread allover the USA and Canada. Oh, and do it with a staff of 4 networks guys and 4 UNIX admins. Oh, and deploy the whole network in 60 days.
Ass.
I do not know why I expect people to make intellegent comments here. I should know better by now. After all this is/.
As someone that has designed, built and run a nation wide backbone, I can say I would not be using this anytime soon. It is not that it is not good software, but the hardware it runs on. One of the things in running a network is the uptime and how simple the hardware is. The less moving parts the better. The more appliance like the device the better (so CacheFlow over Squid on a server). Also there is the bandwidth issue. Most PC hardware cannot handle the amount of traffic that you will see on a main router because the PCI bus is just not up to it. I would love to see a PC that can route 5 GigE's at wire speed. The bus would be the limiting factor. Most routers have slow CPU's (83-300Mhz PPC). They do not need them. The ASICs handle the traffic flow.
Now, I will say that I have used FreeBSD boxen in the past with a Sangoma T1 card and a PCI NIC for end routers for networks. Never ran a routing protocal on it. Just default routed it. It would be intresting to see this software on a box with maybe 2 T1s and a PCI NIC running BGP for a medium size biz office.
Just my 2 cents.
Oh, for those that made the comment about "Well in 1997 no one thought linux....". Its not the same. Linux works because it is a server product. At the end of the day, it does not matter if you run Windows (OK it does but..) or Linux on a server. It matters how you build the server (RAID, CPU, ECC RAM, etc.). That being said, if you look at the highend IBM Linux stuff it is still on the mainframe type hardware (S/390) or a cluster.
Re:Storage for that would be...
on
The Music Man
·
· Score: 2, Interesting
Well it depends on the bit rate, etc. I have a library of all my CD's ripped (I work at a radio station and a record store so..). The total number of MP3 at 192 bit I have is 28498. About 10k of them have the album art. They currently take 144GB of harddrive space on a.5TB RAID5 array (4x160GB drives - IDE). I am slowly add more MP3s. iTunes does quite a good job of handling the files BTW. I am running iTunes 4.7 on a 1.03Ghz iBook with 768MB of RAM. The MP3s are mount via an NFS share from the server which is a 1Ghz AMD with 512MB of RAM running OpenBSD 3.6 w/RAIDFrame. Most of the time I am running the connection over an Airport base station 802.11G, for the iBook with the server connect to a 100MB switch. If I am doing massive file management I do connect the iBook via 100MB ethernet.
Webservers NIC3 - Load balancers (Foundry - a differnet set) - NIC1 DB Servers NIC2 - NFS (NetApp) for data.
For the Webservers just get a lot of cheap 1U boxen and fill it full of RAM so the pages and NFS are cached as much as can be. Run the same image on each box (netbooting is even better - no harddrives to fall). To much traffic on the frontend, just add another box. If you netboot everything it make backups so simple. One backup (Tape) box and a few netboot boxen tossed it and you are good to go.
I did this years back with hugh clusters of Sun Netra T1 boxen (1999 era) and you could not slashdot it. Load gets to high unpack and rack a few new boxen and netboot 'em. It is quite simple, easy to manage and very very scalable. The biggest part of this is getting good DB prgs to write the DB part of the setup. This is somewhat the same way that Hotmail ran before the MS take over.
If NFS is to slow for some reason, you can do the samething with fiberchannel SANs.
At least this is getting air and looked at. Lets talk again when the French take a full look at what they did in Algeria. Oh, and if you are a German posting, you still have about 950 years before you have the right to lecture anyone about morals and ethics.
Man, I am now a scubbag and a muppet and clueless. I guess my 2 degrees, and the fact that I read the Financial Time everyday cover-to-cover were just a waste of time since I am so damn uninformed.
Gremany & France and our friends from the great white north do have troops in Afganistain, they are just 2/10th's of what they have promised. If you had read thru my post you would see that is what I said.
As to the empire...
We in away to have cultural empire in the fact of ideas and economy. It was evloved by most of the world wanting to be more like us. Not quite sure it was forced. (Hey Baywatch was the most popular program in the EU for a time. Hum, that seems like it could be a WMD!).
Well said. BTW, I think we should have boots on the ground it Darfur. We need to start doing the right thing in cases such as this even tho there is no $$$ reason to do so. Women and children need to be defended against those that would rape and kill.
Any just because I know that someone will say, 'well we have killed women and childern in Iraq'. Lets be clear here - we never set out to kill women and childern or innocents. The millitary is a large hammer and sometimes it hits things that it does not want to. The best thing you can do is get the whole war over as fast as you can with overwelleming force. The US has never lined up people, shot then and tossed them in the mass graves like Sadam did. Have you people even seen the pictures? Mother shot thru the head and then the baby in their arms! I cry for every innocent that dies. It is sad. I wish for a world with no millitary and no war. I just know that it will not happend without a large amount of change. Remember, "all it takes for evil to win is for good men to do nothing."
Scumbag? Spelling errors? Once again I am taken by the IQ of the average/. user.
Those that cannot reason, insult. If you have something to say that is an intellegent reply please do. I would be happy to read, reason and consider your views.
BTW, me, my father and his father before him 'pointing a rifle' gives you the right to speak and post what you will. The use of force is a terrible but sometime needed thing. I hope that my child never has to 'point a rifle'. That is why I did.
Man, what a well thought out view of things. Thanks for taking the time to answer all my points with a well reasoned discourse. You have change my mind completely with your amazing logic.
Your reasoning is well thought and I respect it. The EU has the right not to support us in thing that they think are wrong (Iraq). However what about all the promised support for Afganistain that has never come? What about the French wanting to lift the arms sales band with China? Why does China need the French high tech weapons? Oh, so they can counter the US Navy over Taiwan which has an elected goverment? Please explain that? My view is that their are people in the EU goverments that would do anything to try to counter balance the power of the USA with out any reguard for who they are giving that power to. At the end of the day, with the execption of the UK, Europe is a fair weather friend to the USA. Its seem to me that the USA in its history has generally 'done the right thing' and has never reached for empire and we should have earned the benfit of doubt about why we do things inseted of the automatic 'oh how evil' crap we get now.
"The Americans will always do the right... After they've exhausted all the alternatives." - Winston Churchill
Wow! Get you tin foil hat out yet? Get over it. You lost.
BTW, as the head of the numbers at CNN said last night, "Exit polls are not very accurate and are off by 4-5%. Then only time you should look at an exit poll being close to the truth is when there is a 10-12% difference. Exit polls do not count 100% of the voters therefore they should not be used as anything but trending for breakdowns of women to men, etc." This is a paraphase on my part.
Oh, I did not vote for Bush, and do not even like him, but I am smart enought not to bitch about some sort of fix. Get over it.
Because now he doesn't have to worry about getting re-elected. Oh, and the Republicans control Congress, too, so he can do just about whatever he wants.
It is strange how much peolpe do not understand the way the goverment works. We really need better Civics classes in school.
It does not work that way. If it did then alot of things would have passed that have not. In order to take something to a vote on the floor of the senate it takes 60 votes to approve the call to vote on an item. Since the Democrates can keep things from coming to the floor for a vote the Republicans cannot do whatever they want. Thus the judical appoinments that never got thru last term.
Wow! Let me let you in on a little bit of information. We do not care if we have pissed off the rest of the world. For the past 50+ years they have had their well being protected by the American taxpayer. Maybe we are sick of getting shit on because we seem to see things in a right and wrong view of things that work justed fine for you when the commie hoards were at your door but now it is not good enough for you. If the rest of the world does not like what we do then take care of your problems yourself and stay out of our way. It is really interesting that when the shit hit the fan in the former Yugoslovia that it was American force of arms that was called for by the EU states to support thier fight because they did not have the power to do it themselves. And I just love the way that the whole world has said that it was right to invade Afganistain and gave their support and said they would give troops but still have not delivered on even 20% of what they have promised. Hey Germany and France we are still waiting on all the NATO troop support you promised us! Why should we care what the the rest of the world thinks when they cannot even deliver on what they have promised when they pat our backs and say they support us?
BTW:
1. I did not vote for Bush. I do not even like him. 2. I am not a Republican. 3. I do have a passport and it has stamps in it from the EU to asia. 4. I did server in the millitary and have seen combat.
At the end of the day, my message to the rest of the world is put up or shut up. It is easy to bitch and moan. Lets see you do something for once.
Did a pkg_info to get a list of installed pkg's. Then pkg_delete to remove them all. Removed/usr/ports.
Booted the CD. Picked upgrade. When it was done I rebooted and it worked. Follow the stuff in the FAQ about/etc. Took about 10 mins. CVS'upd the latest 3.6 ports patch branch:
Then just changed to the/usr/port/whatever and did a make install to re-install the deleted packages.
Done.
It is not as simple as emerge --update --deep world (or something like that) on Gentoo. But then again, if I ran Linux as the firewall, I would have to use IPTABLES and that is very painfull.
OpenBSD is very very well documented. If you read the man pages and the FAQ 99% of the stuff you want to know is there. The other 1% will get answered on the mailling list, and added to the FAQ.
...you would have 2 servers up and running already. Got my CD's last week and have 1 new box up and one old 3.5 box upgraded. May thanks to Theo and the team for such great software.
If you have not tried OpenBSD please do. While I will not speak on the idea of OpenBSD on the desktop I will speak to how great it is as a firewall. If you have struggled with IPTABLES it is time to give a try to PF. Have a look. It should be easy to understand:
ext_if="xl0" int_if="fxp0" # clean up the packets scrub in all # nat the internal network to the external interface nat on $ext_if from !($ext_if) -> ($ext_if:0) # setup a table of RTBL IP's for spammers table persist #redirect any IP's in the the RTBL to spamd rdr pass inet proto tcp from to any port smtp -> 127.0.0.1 port 8025 # ftp proxy rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 # redirect any internal user to squid rdr on $int_if inet proto tcp from any to ! $int_if port 80 -> 127.0.0.1 port 3128 # pass extenal web request to the internal www server rdr on $ext_if proto tcp from any to any port http -> 192.168.0.2 # pass extenal web request to the internal www server rdr on $ext_if proto tcp from any to any port https -> 192.168.0.2 # drop everything block in log # allow out and keep track pass out keep state # allow anything to the loopback and internal interface pass quick on { lo $int_if } # no RFC 1918 spoofing (quick - do it now!) antispoof quick for { lo $int_if } # allow external ssh in pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state # allow smtp in pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state # allow the www forwarding pass in log on $ext_if proto tcp to 192.168.0.2 port http keep state # allow the www forwarding pass in log on $ext_if proto tcp to 192.168.0.2 port https keep state # allow outbound smtp pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state
Very simple and clean. If you need a firewall give it a try!
Nope. Hate to disappoint you but I have a system running Gentoo with the 2.4 and 2.6 kernels. I also have a Ultra 2 running Solaris 10B63, a SS5 running OpenBSD3.6 and a file server running OpenBSD3.6. I am typing this from my iBook. (Oh, there is an Amiga on the back desk to, next to the Commodore 128D!) I have used Linux on systems since SLS. I keep coming back to BSD because for me it as a cleaner simpler design. I full install of Linux (Redhat, Fedora, SUSE) has become more bloated then an Windows 2K3 server install!
I like the simple, vi KERNEL, make clean && make depend && make for a BSD customer kernel. Not to mention that the ports setup of BSD (el. al.) beats any Linux package setup anyday. (Oh, know here come the rabi-Debian fans). Gentoo is closest in my book for a clean Linux install (then Slakware). Yet, I still hate the part were I get to the kernel config.
Slashdot Mirror
Just a one off, but Cisco does not make anything that has a nice backplane or can handle the full load. Fill a Cisco switch/router with all the stuff Cisco says it will support and run all the ports full of traffic at wirespeed. Blam. Box will tank. If you want the full load, Juniper or Foundry. Just my opinion based on 10 years of building large networks.
That being said, a Cisco will run rings around a PC running some hacked routing software in most cases.
Lycos is not auto-grabing the urls from the spam. It is having someone open the spam, verify it is spam, verify the end link url for the Viagra or such. Only then is the site added to the target list. Lycos has said that they are not trying to take down the site but cost it money. Seems that they did not write their software right to take into account that everyone and their grandmother hates the spammers and would install it. So a few spam sites went down. I am of the opinion that this is a good thing. They should change their software so it does DoS the site. Having been/worked on large networks I can say that a DoS will 99% of the time only affect the hosting company and the people that sell them the pipe and most likely only at that pipes termination. (Also it is not a true DoS in the sense that the software request the page and completes the transaction!) And I say so the fuck what!?! The hosting company should get screwed for hosting the spammer.
It is about time we (the collective geeks) do something real about spam. Sure I have SA and all that installed but it is a pain, cost us money (time and hardware). Spammers should be shot. Spammers website should be hacked and cracked and trashed. The companys that knowingly host them should get the same. Their are no laws or police that can fix this chaos we call the Internet. It is up the the users to handle the shitheads.
It is time to declare ALL OUT WAR SPAMMERS. Let our motto be "Victory or....NO CARRIER!!!"
Can you or someone enlighten me to why you would want to run an OS such as Linux on a Cisco? For me a router is a router. If it supports the routing of packets, handles QoS for stuff, has SNMP so I can pull stats (or netflow or other such stuff), has a secure login for management then I am good. In the design of a network there is a place for the router, firewall, switch, load balancers and servers. In some cases it is nice to combine them, Router/Firewall or Server w/Firewall but I am not sure about running an OS such as Linux on a Cisco. Besides, have you seen the speed of the CPU in a Cisco? 83MHz PPC to around 300MHz PPC.
Thanks!
I deployed about 30 of the largest CacheFlow boxen back before the company when public (1998 timeframe) on a network with close to a million DSL users. Worked just fine. Talk to me when you have run a network with 32 OC-12, 500+ Sun servers, 1000's of DS3 spread allover the USA and Canada. Oh, and do it with a staff of 4 networks guys and 4 UNIX admins. Oh, and deploy the whole network in 60 days.
/.
Ass.
I do not know why I expect people to make intellegent comments here. I should know better by now. After all this is
As someone that has designed, built and run a nation wide backbone, I can say I would not be using this anytime soon. It is not that it is not good software, but the hardware it runs on. One of the things in running a network is the uptime and how simple the hardware is. The less moving parts the better. The more appliance like the device the better (so CacheFlow over Squid on a server). Also there is the bandwidth issue. Most PC hardware cannot handle the amount of traffic that you will see on a main router because the PCI bus is just not up to it. I would love to see a PC that can route 5 GigE's at wire speed. The bus would be the limiting factor. Most routers have slow CPU's (83-300Mhz PPC). They do not need them. The ASICs handle the traffic flow.
Now, I will say that I have used FreeBSD boxen in the past with a Sangoma T1 card and a PCI NIC for end routers for networks. Never ran a routing protocal on it. Just default routed it. It would be intresting to see this software on a box with maybe 2 T1s and a PCI NIC running BGP for a medium size biz office.
Just my 2 cents.
Oh, for those that made the comment about "Well in 1997 no one thought linux....". Its not the same. Linux works because it is a server product. At the end of the day, it does not matter if you run Windows (OK it does but..) or Linux on a server. It matters how you build the server (RAID, CPU, ECC RAM, etc.). That being said, if you look at the highend IBM Linux stuff it is still on the mainframe type hardware (S/390) or a cluster.
Well it depends on the bit rate, etc. I have a library of all my CD's ripped (I work at a radio station and a record store so..). The total number of MP3 at 192 bit I have is 28498. About 10k of them have the album art. They currently take 144GB of harddrive space on a .5TB RAID5 array (4x160GB drives - IDE). I am slowly add more MP3s. iTunes does quite a good job of handling the files BTW. I am running iTunes 4.7 on a 1.03Ghz iBook with 768MB of RAM. The MP3s are mount via an NFS share from the server which is a 1Ghz AMD with 512MB of RAM running OpenBSD 3.6 w/RAIDFrame. Most of the time I am running the connection over an Airport base station 802.11G, for the iBook with the server connect to a 100MB switch. If I am doing massive file management I do connect the iBook via 100MB ethernet.
Simple.
Load balancers (Foundry) - NIC1 Webservers NIC2 - NFS (NetApp) for pages.
Back to the SAME webservers as above:
Webservers NIC3 - Load balancers (Foundry - a differnet set) - NIC1 DB Servers NIC2 - NFS (NetApp) for data.
For the Webservers just get a lot of cheap 1U boxen and fill it full of RAM so the pages and NFS are cached as much as can be. Run the same image on each box (netbooting is even better - no harddrives to fall). To much traffic on the frontend, just add another box. If you netboot everything it make backups so simple. One backup (Tape) box and a few netboot boxen tossed it and you are good to go.
I did this years back with hugh clusters of Sun Netra T1 boxen (1999 era) and you could not slashdot it. Load gets to high unpack and rack a few new boxen and netboot 'em. It is quite simple, easy to manage and very very scalable. The biggest part of this is getting good DB prgs to write the DB part of the setup. This is somewhat the same way that Hotmail ran before the MS take over.
If NFS is to slow for some reason, you can do the samething with fiberchannel SANs.
Remember: Simple is better.
At least this is getting air and looked at. Lets talk again when the French take a full look at what they did in Algeria. Oh, and if you are a German posting, you still have about 950 years before you have the right to lecture anyone about morals and ethics.
Man, I am now a scubbag and a muppet and clueless. I guess my 2 degrees, and the fact that I read the Financial Time everyday cover-to-cover were just a waste of time since I am so damn uninformed.
Gremany & France and our friends from the great white north do have troops in Afganistain, they are just 2/10th's of what they have promised. If you had read thru my post you would see that is what I said.
As to the empire...
We in away to have cultural empire in the fact of ideas and economy. It was evloved by most of the world wanting to be more like us. Not quite sure it was forced. (Hey Baywatch was the most popular program in the EU for a time. Hum, that seems like it could be a WMD!).
Let me guess? You think the WTO is evil right?
Well said. BTW, I think we should have boots on the ground it Darfur. We need to start doing the right thing in cases such as this even tho there is no $$$ reason to do so. Women and children need to be defended against those that would rape and kill.
Any just because I know that someone will say, 'well we have killed women and childern in Iraq'. Lets be clear here - we never set out to kill women and childern or innocents. The millitary is a large hammer and sometimes it hits things that it does not want to. The best thing you can do is get the whole war over as fast as you can with overwelleming force. The US has never lined up people, shot then and tossed them in the mass graves like Sadam did. Have you people even seen the pictures? Mother shot thru the head and then the baby in their arms! I cry for every innocent that dies. It is sad. I wish for a world with no millitary and no war. I just know that it will not happend without a large amount of change. Remember, "all it takes for evil to win is for good men to do nothing."
Scumbag? Spelling errors? Once again I am taken by the IQ of the average /. user.
Those that cannot reason, insult. If you have something to say that is an intellegent reply please do. I would be happy to read, reason and consider your views.
BTW, me, my father and his father before him 'pointing a rifle' gives you the right to speak and post what you will. The use of force is a terrible but sometime needed thing. I hope that my child never has to 'point a rifle'. That is why I did.
Man, what a well thought out view of things. Thanks for taking the time to answer all my points with a well reasoned discourse. You have change my mind completely with your amazing logic.
Your reasoning is well thought and I respect it. The EU has the right not to support us in thing that they think are wrong (Iraq). However what about all the promised support for Afganistain that has never come? What about the French wanting to lift the arms sales band with China? Why does China need the French high tech weapons? Oh, so they can counter the US Navy over Taiwan which has an elected goverment? Please explain that? My view is that their are people in the EU goverments that would do anything to try to counter balance the power of the USA with out any reguard for who they are giving that power to. At the end of the day, with the execption of the UK, Europe is a fair weather friend to the USA. Its seem to me that the USA in its history has generally 'done the right thing' and has never reached for empire and we should have earned the benfit of doubt about why we do things inseted of the automatic 'oh how evil' crap we get now.
... After they've exhausted all the alternatives." - Winston Churchill
"The Americans will always do the right
Wow! Get you tin foil hat out yet? Get over it. You lost.
BTW, as the head of the numbers at CNN said last night, "Exit polls are not very accurate and are off by 4-5%. Then only time you should look at an exit poll being close to the truth is when there is a 10-12% difference. Exit polls do not count 100% of the voters therefore they should not be used as anything but trending for breakdowns of women to men, etc." This is a paraphase on my part.
Oh, I did not vote for Bush, and do not even like him, but I am smart enought not to bitch about some sort of fix. Get over it.
Because now he doesn't have to worry about getting re-elected. Oh, and the Republicans control Congress, too, so he can do just about whatever he wants. It is strange how much peolpe do not understand the way the goverment works. We really need better Civics classes in school. It does not work that way. If it did then alot of things would have passed that have not. In order to take something to a vote on the floor of the senate it takes 60 votes to approve the call to vote on an item. Since the Democrates can keep things from coming to the floor for a vote the Republicans cannot do whatever they want. Thus the judical appoinments that never got thru last term.
Wow! Let me let you in on a little bit of information. We do not care if we have pissed off the rest of the world. For the past 50+ years they have had their well being protected by the American taxpayer. Maybe we are sick of getting shit on because we seem to see things in a right and wrong view of things that work justed fine for you when the commie hoards were at your door but now it is not good enough for you. If the rest of the world does not like what we do then take care of your problems yourself and stay out of our way. It is really interesting that when the shit hit the fan in the former Yugoslovia that it was American force of arms that was called for by the EU states to support thier fight because they did not have the power to do it themselves. And I just love the way that the whole world has said that it was right to invade Afganistain and gave their support and said they would give troops but still have not delivered on even 20% of what they have promised. Hey Germany and France we are still waiting on all the NATO troop support you promised us! Why should we care what the the rest of the world thinks when they cannot even deliver on what they have promised when they pat our backs and say they support us?
BTW:
1. I did not vote for Bush. I do not even like him.
2. I am not a Republican.
3. I do have a passport and it has stamps in it from the EU to asia.
4. I did server in the millitary and have seen combat.
At the end of the day, my message to the rest of the world is put up or shut up. It is easy to bitch and moan. Lets see you do something for once.
It was very simple.
/usr/ports.
/etc. Took about 10 mins. CVS'upd the latest 3.6 ports patch branch:
/usr
/usr/port/whatever and did a make install to re-install the deleted packages.
http://openbsd.org/faq/upgrade36.html
Did a pkg_info to get a list of installed pkg's. Then pkg_delete to remove them all. Removed
Booted the CD. Picked upgrade. When it was done I rebooted and it worked. Follow the stuff in the FAQ about
# setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
# cd
# cvs -q get -rOPENBSD_3_6 -P ports
Then just changed to the
Done.
It is not as simple as emerge --update --deep world (or something like that) on Gentoo. But then again, if I ran Linux as the firewall, I would have to use IPTABLES and that is very painfull.
OpenBSD is very very well documented. If you read the man pages and the FAQ 99% of the stuff you want to know is there. The other 1% will get answered on the mailling list, and added to the FAQ.
sparc64. this is a sparc32 box.
yah. ran netbsd 2.0 beta on the box. i am selling the system now.
d =1 &item=5729181231&ssPageName=STRK:MESE:IT
if anyone wants a fully loaded ss20 with 4 cpu's:
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&r
or look for item number 5729181231 if the link does not work.
Thanks! Trying it now!
PF rules.
Depends.
I asked about SMP for Sparc32 (I have a quad SS20!) but there was no take on that. SMP for Sparc64 maybe coming..
...you would have 2 servers up and running already. Got my CD's last week and have 1 new box up and one old 3.5 box upgraded. May thanks to Theo and the team for such great software.
If you have not tried OpenBSD please do. While I will not speak on the idea of OpenBSD on the desktop I will speak to how great it is as a firewall. If you have struggled with IPTABLES it is time to give a try to PF. Have a look. It should be easy to understand:
ext_if="xl0"
int_if="fxp0"
# clean up the packets
scrub in all
# nat the internal network to the external interface
nat on $ext_if from !($ext_if) -> ($ext_if:0)
# setup a table of RTBL IP's for spammers
table persist
#redirect any IP's in the the RTBL to spamd
rdr pass inet proto tcp from to any port smtp -> 127.0.0.1 port 8025
# ftp proxy
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# redirect any internal user to squid
rdr on $int_if inet proto tcp from any to ! $int_if port 80 -> 127.0.0.1 port 3128
# pass extenal web request to the internal www server
rdr on $ext_if proto tcp from any to any port http -> 192.168.0.2
# pass extenal web request to the internal www server
rdr on $ext_if proto tcp from any to any port https -> 192.168.0.2
# drop everything
block in log
# allow out and keep track
pass out keep state
# allow anything to the loopback and internal interface
pass quick on { lo $int_if }
# no RFC 1918 spoofing (quick - do it now!)
antispoof quick for { lo $int_if }
# allow external ssh in
pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
# allow smtp in
pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
# allow the www forwarding
pass in log on $ext_if proto tcp to 192.168.0.2 port http keep state
# allow the www forwarding
pass in log on $ext_if proto tcp to 192.168.0.2 port https keep state
# allow outbound smtp
pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state
Very simple and clean. If you need a firewall give it a try!
Nope. Hate to disappoint you but I have a system running Gentoo with the 2.4 and 2.6 kernels. I also have a Ultra 2 running Solaris 10B63, a SS5 running OpenBSD3.6 and a file server running OpenBSD3.6. I am typing this from my iBook. (Oh, there is an Amiga on the back desk to, next to the Commodore 128D!) I have used Linux on systems since SLS. I keep coming back to BSD because for me it as a cleaner simpler design. I full install of Linux (Redhat, Fedora, SUSE) has become more bloated then an Windows 2K3 server install!
I like the simple, vi KERNEL, make clean && make depend && make for a BSD customer kernel. Not to mention that the ports setup of BSD (el. al.) beats any Linux package setup anyday. (Oh, know here come the rabi-Debian fans). Gentoo is closest in my book for a clean Linux install (then Slakware). Yet, I still hate the part were I get to the kernel config.
Simple is better.
God, I hope not. I do not want a kernel as messy as the Linux one to get mixed into the cleanness that is *BSD.
Tried that. 8 bay drive. The Linux FW driver is not up to the task. Crapped out drives on boot, dropped under heavy load. Just an FYI!