Hardware problem, thanks.

2009/5/10 Jean-François SIMON <[email protected]>
> All,
> It was a hardware problem.
>
> Thanks for help
>
> 2009/5/10 Jean-François SIMON <[email protected]>
>
> > I do and have booted since.
>> Regards.
>>
>> 2009/5/10 Tony Abernethy <[email protected]>
>>
>>> Dorian Büttner wrote:
>>>
>>> > Jean-François SIMON wrote:
>>> > > Hello James,
>>> > > If no output to parse means no errors, and verbose mode just repeats all the
>>> > > lines of the pf.conf, then yes it parses.
>>> > >
>>> > > pflog0 keeps silent, nothing in here while trying to connect from the subnet
>>> > > to the internet.
>>> > >
>>> > > 2009/5/10 James Records <[email protected]>
>>> > >
>>> > >
>>> > >> Does your pf.conf parse? Try pfctl -nf /etc/pf.conf; if it's not parsing, it
>>> > >> will not load and behave as you describe. Also tcpdump on the pflog interface
>>> > >> as well to give yourself another data point
>>> > >>
>>> > >> J
>>> > >>
>>> > >> Sent from my iPhone
>>> > >>
>>> > >> On May 9, 2009, at 3:05 PM, Jean-François SIMON <[email protected]>
>>> > >> wrote:
>>> > >>
>>> > >> Sorry for forgetting the rest, here you are :
>>> > >>
>>> > >>> ext_if is actually working, configured to an adsl box using DHCP and
>>> > >>> actually lynx displays pages.
>>> > >>>
>>> > >>> int_if is the local network that I want to go through openbsd box to
>>> > >>> access
>>> > >>> to internet so I can filter with pf.
>>> > >>>
>>> > >>> The configuration is a standard nat rule + packet forwarding between the
>>> > >>> two
>>> > >>> interfaces so called em0 and em1 resp ext_if and int_if.
>>> > >>>
>>> > >>> As indicated before, I have pf enabled, inet forward lines uncommented in
>>> > >>> sysctl.conf
>>> > >>>
>>> > >>> Packets are received on int_if but not forwarded to ext_if.
>>> > >>>
>>> > >>> Did I miss something ?
>>> > >>> Here below pf.conf
>>> > >>>
>>> > >>> 2009/5/9 Robert <[email protected]>
>>> > >>>
>>> > >>> On Sat, 9 May 2009 22:52:32 +0200
>>> > >>>
>>> > >>>> Jean-François SIMON <[email protected]> wrote:
>>> > >>>> # cat /etc/pf.conf
>>> > >>>> # $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $
>>> > >>>> #
>>> > >>>> # See pf.conf(5) for syntax and examples; this sample ruleset uses
>>> > >>>> # require-order to permit mixing of NAT/RDR and filter rules.
>>> > >>>> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
>>> > >>>> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
>>> > >>>>
>>> > >>>> ext_if="em0"
>>> > >>>> int_if="em1"
>>> > >>>>
>>> > >>>> set loginterface $ext_if
>>> > >>>> set require-order no
>>> > >>>> set skip on lo
>>> > >>>> scrub in all
>>> > >>>>
>>> > >>>> # NAT/filter rules and anchors for ftp-proxy(8)
>>> > >>>> #nat-anchor "ftp-proxy/*"
>>> > >>>> #rdr-anchor "ftp-proxy/*"
>>> > >>>> nat on $ext_if from ($int_if:network) -> ($ext_if)
>>> > >>>> #rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1 port 8021
>>> > >>>> #anchor "ftp-proxy/*"
>>> > >>>> #pass out proto tcp from $proxy to any port ftp
>>> > >>>>
>>> > >>>> # NAT/filter rules and anchors for relayd(8)
>>> > >>>> #rdr-anchor "relayd/*"
>>> > >>>> #anchor "relayd/*"
>>> > >>>>
>>> > >>>> # NAT rules and anchors for spamd(8)
>>> > >>>> #table <spamd-white> persist
>>> > >>>> #table <nospamd> persist file "/etc/mail/nospamd"
>>> > >>>> #no rdr on egress proto tcp from <nospamd> to any port smtp
>>> > >>>> #no rdr on egress proto tcp from <spamd-white> to any port smtp
>>> > >>>> #rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port spamd
>>> > >>>>
>>> > >>>> #block in
>>> > >>>> pass in
>>> > >>>> pass out
>>> > >>>>
>>> > >>>> #pass in on $int_if proto tcp to any port 80
>>> > >>>>
>>> > >>>> #block in quick from urpf-failed to any # use with care
>>> > >>>>
>>> > >>>> # By default, do not permit remote connections to X11
>>> > >>>> block in on ! lo0 proto tcp from any to any port 6000
>>> > >>>>
>>> > >>>> antispoof for ext_if
>>> > >>>>
>>> > >>>> Hello,
>>> > >>>>
>>> > >>>>> Please can you help me with this :
>>> > >>>>>
>>> > >>>>> I just installed the 4.5 OpenBSD, set up the inet forwarding for
>>> > >>>>> unicast and multicast, include the standard NAT rule in pf.conf such
>>> > >>>>> as : nat on $ext_if from ($int_if:network) -> ($ext_if)
>>> > >>>>> enable pf
>>> > >>>>> check with pfctl -s nat that the correct rule is set.
>>> > >>>>>
>>> > >>>>> That does not work, with tcpdump i see that packets are not
>>> > >>>>> forwarded, i see them on int_if but not on ext_if.
>>> > >>>>>
>>> > >>>>> Can you give me some help to find out where the problem is ?
>>> > >>>>>
>>> > >>>>> Thanks.
>>> > >>>>>
>>> > >>>>>
>>> > >>>> Because you don't have a pass rule they get blocked?
>>> > >>>> Guessing only goes so far.
>>> > >>>>
>>> > >>>> Tell us what you want to do.
>>> > >>>> Tell us what you tried to get it working.
>>> > >>>> Tell us what is in your relevant configs.
>>> > >>>>
>>> > >>>> Perhaps then someone can tell you what to do.
>>> > >>>>
>>> > >>>> - Robert
>>> > >>>>
>>> > Do you have sysctl net.inet.ip.forwarding=1? As described on top of pf.conf?
>>> >
>>> Have you booted since?
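
Added example, not part of the thread: the two closing questions above separate what /etc/sysctl.conf says from what the running kernel reports, because sysctl.conf is only applied at boot. The function names and the sample file are constructed for illustration; on the gateway, feed conf_forwarding from /etc/sysctl.conf and take the runtime value from sysctl -n net.inet.ip.forwarding.

```sh
#!/bin/sh
# Added example (hypothetical helper names, constructed sample input).

# conf_forwarding: read a sysctl.conf on stdin and print the value of the
# last *uncommented* net.inet.ip.forwarding line, or "unset" if none exists.
conf_forwarding() {
    awk -F= '
        /^[ \t]*#/ { next }                 # whole line is commented out
        { sub(/#.*/, "") }                  # drop a trailing comment
        $1 ~ /^[ \t]*net\.inet\.ip\.forwarding[ \t]*$/ {
            gsub(/[ \t]/, "", $2); v = $2   # later lines override earlier ones
        }
        END { print (v == "" ? "unset" : v) }
    '
}

# forwarding_state CONF_VALUE RUNTIME_VALUE
#   active                 kernel is forwarding IPv4 right now
#   configured-not-active  sysctl.conf says 1 but the kernel does not:
#                          reboot, or run sysctl net.inet.ip.forwarding=1
#   disabled               neither the file nor the kernel enables it
forwarding_state() {
    conf=$1 run=$2
    if [ "$run" = "1" ]; then
        echo active
    elif [ "$conf" = "1" ]; then
        echo configured-not-active
    else
        echo disabled
    fi
}

# Constructed sample modelled on a stock sysctl.conf after the edit
# described in the thread ("inet forward lines uncommented").
sample_conf() {
    cat <<'EOF'
#net.inet.ip.forwarding=1	# an older, still commented copy
net.inet.ip.forwarding=1	# 1=Permit forwarding (routing) of IPv4 packets
#net.inet6.ip6.forwarding=1	# 1=Permit forwarding (routing) of IPv6 packets
EOF
}

# Constructed case: file edited, machine not rebooted, kernel still at 0.
# Live use: forwarding_state "$(conf_forwarding </etc/sysctl.conf)" \
#                            "$(sysctl -n net.inet.ip.forwarding)"
forwarding_state "$(sample_conf | conf_forwarding)" 0
```

An "active" result only clears the forwarding question; the pfctl -nf, pfctl -s nat and tcpdump checks from the thread still apply to the ruleset itself.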

