Topic: OpenBSD Strange Problem

Hello all respected network administrators, I have set up an OpenBSD gateway, but the wireless connection (gateway) is not detected by the client, although before this it was OK. I could see it in Windows, but now I cannot. I don't know what is wrong with it.

I am sure my configuration is OK because I didn't edit it.

Another problem now is that when it boots up to the "starting network" stage, previously I did not need to press Ctrl+C to proceed to the DHCP request for rl0, but now I need to. I also don't know what is wrong.

The third problem is that OpenBSD cannot ping the LAN client IP, but the client can ping OpenBSD.

I tried router add 176.16.10.11 (destination) 176.16.10.1 (gateway) and it returned "file exists". If this route exists, then there should be no problem, but how come I cannot ping from OpenBSD to the client?

I hope you can help me out, because my hair has dropped out until there is no more hair.

If you all need extra information or configuration, please let me know.

A billion thanks for your help.

Please help me.

Re: OpenBSD Strange Problem

Any help please ?

Re: OpenBSD Strange Problem

My first suggestion is to go back to basics on the OpenBSD box

1) Disable the firewall
2) check the IP address (ensure it's valid and within the correct subnet mask range)
3) Check LAN cables and start pinging

Get the basic LAN running before you progress on to configuring the firewall - then you know only the firewall is causing the issue. You can then configure the DNS and default routes, etc.

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: OpenBSD Strange Problem

Also, you can disable your DHCP client and use a static IP address.

Try to keep things simple! Once you have ensured that everything is OK, go to the next level by activating the DHCP client, firewall ...

Re: OpenBSD Strange Problem

My /etc/dhcpd.conf is as follows:

subnet 172.16.10.10 netmask 255.240.0.0
{
    option routers 172.16.10.1;
    range 172.16.10.12. 176.16.10.14;
}

subnet 192.168..0.0 netmsak 255.255.0.0
{
   option routers 192.168.5.1;
   range 192.168.5.12 .192.168.5.15;
}

/etc/hostname.rl1 :
inet 172.16.10.1 none;

/etc/hostname.ral0 :
inet 192.168.5.1 and some other option as access point.

/etc/dhcpd.interfaces : ral0 and rl1;


I am using private internal addresses.

If I disable the firewall, then how do I do NAT?

How do I disable the DHCP client? My external interface gets its IP from the modem by DHCP client.

I also tried to use a static IP with hardware ethernet and assign an IP address to the client, but that was no use either.

I don't know why my wireless cannot be an access point anymore.

I don't know why.

A billion thanks for your help.

Re: OpenBSD Strange Problem

Pinging from Fedora 7 Live to openbsd [ok]
Pinging from openbsd to Fedora 7 live [ok]

Fedora 7 Live cannot browse; I have no idea why.

Pinging my ISP DNS gets no response, and Google also.

This happens when using a range address and not a static IP with hardware address, then fixed-address;

I think my DNS file in OpenBSD has been deleted. Where is the file for the DNS server?

What cannot browse from Fedora 7 live?
This is weird.

My wireless cannot come up and act as an access point.

I tried to recreate the file but got the same problem. The card is detected and shown in dmesg as Rt2561s, which is a Linksys card WMP54gs v4.

I really need your help, guys.

Thanks for your help.

Last edited by Peter_APIIT (2008-03-03 11:22:33)

Re: OpenBSD Strange Problem

I think my wireless connection up by automatically is because /etc/netstart cannot parse the file.

What is your opinion ?

A billion thanks for your help.

Re: OpenBSD Strange Problem

Hello asemisldkfj and other expert OpenBSD users, I know that I should not urge for help, but I have really run out of help and my head has almost exploded.

A billion thanks for your help.

Re: OpenBSD Strange Problem

is "net.inet.ip.forwarding=1" uncommented in /etc/sysctl.conf on the OpenBSD box?

what does /etc/hostname.* contain? (*=wireless card interface name)

Re: OpenBSD Strange Problem

I am pretty sure that "net.ip.forwading = 1" is commented out, and my hostname file is /etc/hostname.ral0. This is a Linksys WMP 54GS card. It is detected at boot as chipset AR something. Let me check and get back to you.

Re: OpenBSD Strange Problem

My friends say this is a DHCP problem, where by default dhcpd is chrooted and therefore I cannot get an IP address. Is it true?

Re: OpenBSD Strange Problem

chroot should make no difference as long as the process can bind to the necessary port

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: OpenBSD Strange Problem

Maybe it is the NAT problem?

Because I did as below:

nat on $ext_if from $int_if:network to any -> ($ext_if)

I have macro as int_If = rl1

I cannot browse at all, and I can ping my external interface, which is 192.168.1.2 (dhclient by modem), and the public IP address from Fedora 8 but not XP.

XP returns "destination is not routable".

I have run out of ideas and solutions.

Last edited by Peter_APIIT (2008-04-09 10:18:17)

Re: OpenBSD Strange Problem

Any help is greatly appreciated by me and others.

Re: OpenBSD Strange Problem

Have you set your default gateway?

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: OpenBSD Strange Problem

I didn't set my /etc/mygate since my public IP is dynamic.

Is that correct?

Thanks for your help.

Re: OpenBSD Strange Problem

See if it's automatically set with the command "netstat -rn"

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: OpenBSD Strange Problem

Network Diagram :
Modem->(rl0)OPenBSD(rl1 && ral0)->client

Netstat -rn Output :

Internet

Destination       Gateway          Flags  Refs  Use  MTU    Interface
default           219.93.218.177   UGS    0     343  -      tun0
127/8             127.0.0.1        UGRS   0     0    33224  lo0
127.0.0.1         127.0.0.1        UH     2     14   33224  lo0
172.16/12         link#2           UC     1     0    -      rl1
172.16.10.5       H.A              UHLc   1     71   -      rl1
192.168.1/24      link#1           UC     1     0    -      rl0
192.168.168.1.1   H.A              UHLc   0     9    -      rl0
192.168.1.2       127.0.0.1        UGRS   0     2    33224  lo0
219.93.218.177    60.48.176.167    UH     1     0    1492   tun0
224/4             127.0.0.1        URS    0     3    33224  lo0



ifconfig Output :

rl0 - External Interface
rl1 - Internal Interface
ral0 - Wireless Interface

rl0 - dhcp by modem
/etc/hostname.rl0 : dhcp NONE NONE

/etc/hostname.rl1 : inet 172.16.10.1 255.240.0.0 NONE

/etc/hostname.ral0 : inet 192.168.5.1 255.255.0.0 NONE and some other config to be an ap



/etc/pf.conf

block in on ext_if log all

pass out on int_if and wl_if

scrub all

nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $wl_if:network to any -> ($ext_if)

Previously, OpenBSD could ping the client and the client could ping OpenBSD, but now I don't know why it cannot.

OpenBSD cannot ping the client anymore.

/etc/dhcpd.conf

subnet 172.16.0.0 netmask 255.240.0.0 {

option routers 172.16.10.1;
range 172.16.10.5.3 172.16.10.5.5;
}

subnet 192.168.0.0 netmask 255.255.0.0{
option routers 192.168.5.;
range 192.168.5.3 192.168.5.5;
}


219.93.218.177 is from my account to my ISP gateway.

Thanks for your help.
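
Added example (not written by any poster in this thread): a small Python check for dhcpd.conf listings like the two posted above, confirming that each subnet line is the real network address for its netmask and that every routers and range address parses and falls inside that subnet. The sample text is constructed, the name check_dhcpd_conf is hypothetical, and the check assumes flat subnet blocks with no nested braces or comments.

```python
import ipaddress
import re

# Constructed sample (not copied from the thread): one block with a host
# address on the subnet line and a range end outside the subnet, one clean block.
SAMPLE = """\
subnet 172.16.10.10 netmask 255.240.0.0 {
    option routers 172.16.10.1;
    range 172.16.10.12 176.16.10.14;
}
subnet 192.168.0.0 netmask 255.255.0.0 {
    option routers 192.168.5.1;
    range 192.168.5.12 192.168.5.15;
}
"""

BLOCK = re.compile(r"subnet\s+(\S+)\s+netmask\s+([^\s{]+)\s*\{(.*?)\}", re.S)
STMT = re.compile(r"(option\s+routers|range)\s+([^;]*);")


def check_dhcpd_conf(text):
    """Return a list of problems found in flat 'subnet ... { ... }' blocks."""
    problems = []
    for addr, mask, body in BLOCK.findall(text):
        try:
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        except ValueError:
            problems.append(f"subnet {addr} netmask {mask}: invalid address or mask")
            continue
        if str(net.network_address) != addr:
            problems.append(f"subnet {addr}: with this mask the network is {net}")
        for keyword, args in STMT.findall(body):
            for token in re.split(r"[,\s]+", args.strip()):
                try:
                    ip = ipaddress.IPv4Address(token)
                except ValueError:
                    problems.append(f"{keyword}: '{token}' is not an IPv4 address")
                    continue
                if ip not in net:
                    problems.append(f"{keyword}: {ip} is outside {net}")
    return problems


if __name__ == "__main__":
    for problem in check_dhcpd_conf(SAMPLE):
        print(problem)
```

A block whose keywords are misspelled is not matched at all, so an empty result only means the blocks that were recognised are consistent.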

Re: OpenBSD Strange Problem

From this forum, http://forum.mybsd.org.my/index.php?act … ;topic=235

they asked me to route add 172.16.10.0 192.168.1.1 in my modem web UI.

I suspect this command will break my defense, since it goes from the modem directly to the internal interface.

Re: OpenBSD Strange Problem

arp -a gives me the below:

(172.16.10.5) at 00:50:8d:b7:3b:bd on rl1
(192.168.1.1) at 00:60:0a:93:58 on rl0
(192.168.5.12) at 00:18:de:78:29:3a on ral0

I am using PPPoE.

Thanks for your help.

Re: OpenBSD Strange Problem

Looking at my dhcpd.conf I have:

        option  domain-name-servers 192.168.1.1, 62.30.112.39, 194.117.134.19;

These are the DNS servers that the clients will use (in order of preference). From your entries I see no reference to this - therefore, how are you expecting DHCP clients to resolve domain names? Obviously you can't use the ones I have as they are specific to my ISP. However, check /etc/resolv.conf on the firewall as this will be updated when the firewall gets its IP from your ISP.

Also, your NAT entry looks weird to me, I have simply this:

nat on $ext_if from !($ext_if) -> ($ext_if:0)

that should resolve all your NAT stuff - you only NAT on the external IP; unless you're trying to do something weird/unique.

Also, are these the only two rules you have?

block in on ext_if log all
pass out on int_if and wl_if

If so, how do you expect the data to pass through your firewall? Data is two way, in and out. If I'm understanding your setup correctly, you'll want something closer to:

pass quick on { lo, int_if, wl_if }
block in
pass out keep state

This will allow all data from your wireless and internal network to communicate and surf the net while blocking anyone trying to connect to your firewall. Then you need to simply define what you want to allow in from the Internet (like if you have a webserver that you want to allow people to access or an email server, etc).

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: OpenBSD Strange Problem

I have set skip on lo0 in the firewall rules and I have pass out for int_if and wl_if. Perhaps I should try adding another lo0 t


I have this option at the top of my /etc/dhcpd.conf, before the first subnet of 172.16..0.0, but when I put option domain-name-servers in the subnet, I get an error from /var/log/daemon.

option  domain-name-servers 192.168.1.1, 62.30.112.39. 194.117.134.19;

http://www.openbsd.org/faq/pf/nat.html#config
I just followed the OpenBSD FAQ, but I have two NAT rules: one from the wireless internal interface and one from the wired internal interface.

nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $wl_if:network to any -> ($ext_if)


nat on $ext_if from !($ext_if) -> ($ext_if:0)

Thanks for your help.

A billion thanks again.

Re: OpenBSD Strange Problem

Perhaps I should try following your advice and get back to you.

Re: OpenBSD Strange Problem

I have tried your NAT method but still cannot browse.
I have option domain-name-server at the top of /etc/dhcpd.conf.
My Fedora 8 can get this name server but is not able to ping from.
My /etc/resolve.conf:

lookup file bind
202.188.133
202.188.1.5

I just cannot browse.

Re: OpenBSD Strange Problem

Earlier you said this:

Peter_APIIT wrote:

I am pretty sure that "net.ip.forwading = 1" is commented out

This is wrong - it should be UNCOMMENTED so as to allow IP forwarding.

Also, can the firewall surf the net ok?

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus
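
Added example (not written by any poster in this thread): the two gateway checks the thread keeps returning to, namely whether net.inet.ip.forwarding=1 is really uncommented in /etc/sysctl.conf and whether the nat rules sit on the interface that carries the default route, since pf only translates packets leaving through the interface named in the rule. All file contents and netstat output below are constructed, the function names are hypothetical, and ext_if = "rl0" is an assumption based on the interface list given earlier.

```python
import re

# Constructed samples modelled on the files and output discussed in the thread.
SYSCTL_CONF = """\
#net.inet.ip.forwarding=1    # 1=Permit forwarding (routing) of IPv4 packets
net.inet.tcp.rfc1323=1
"""
NETSTAT_RN = """\
Destination       Gateway        Flags  Refs  Use  Mtu  Interface
default           203.0.113.1    UGS    0     343  -    tun0
172.16/12         link#2         UC     1     0    -    rl1
192.168.1/24      link#1         UC     1     0    -    rl0
"""
PF_CONF = """\
ext_if = "rl0"
int_if = "rl1"
nat on $ext_if from $int_if:network to any -> ($ext_if)
"""


def forwarding_enabled(sysctl_conf):
    """True only if an uncommented net.inet.ip.forwarding=1 line exists."""
    for line in sysctl_conf.splitlines():
        setting = "".join(line.split("#", 1)[0].split())
        if setting == "net.inet.ip.forwarding=1":
            return True
    return False


def default_route_interface(netstat_rn):
    """Interface column of the 'default' row in netstat -rn output."""
    for line in netstat_rn.splitlines():
        fields = line.split()
        if fields and fields[0] == "default":
            return fields[-1]
    return None


def nat_interfaces(pf_conf):
    """Interfaces named in 'nat on ...' rules, with simple macros expanded."""
    macros = dict(re.findall(r'^(\w+)\s*=\s*"?([\w.]+)"?', pf_conf, re.M))
    names = re.findall(r"^nat\s+on\s+(\S+)", pf_conf, re.M)
    return {macros.get(n[1:], n) if n.startswith("$") else n for n in names}


def gateway_findings(sysctl_conf, netstat_rn, pf_conf):
    findings = []
    if not forwarding_enabled(sysctl_conf):
        findings.append("net.inet.ip.forwarding=1 is missing or commented out")
    egress, nat = default_route_interface(netstat_rn), nat_interfaces(pf_conf)
    if egress and egress not in nat:
        findings.append(f"default route leaves via {egress}, nat rules are on {sorted(nat)}")
    return findings
```

The file check reflects what will be applied at boot; `sysctl net.inet.ip.forwarding` shows the value the running kernel is using.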