Re: OpenBSD Strange Problem

I have checked this with the command sysctl net.inet.ip and OpenBSD reports it is true.

I can surf the net from the OpenBSD box.

Re: OpenBSD Strange Problem

Ok - so the next step is to make your firewall wide open.

Configure it to pass all packets with "keep state" also enabled. This will prove that the system works in principle - then you can write the rules to block stuff.

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: OpenBSD Strange Problem

I have "pass out all" rules for lo0, rl0, rl1 and ral0, and keep state is the default in OpenBSD 4.1 for all rules.

I used a client to ping my ISP's DNS server, then on my OpenBSD box I ran pftop and pfctl to check whether any packet is being blocked.

Unfortunately, no packet is blocked.

I am not ignoring your solution; I just want to narrow down the problem and find the solution.

If my sentences make you uncomfortable, please let me know.

In another forum, someone asked me to change the wireless interface subnet mask from /16 to /24.

I only have PortSentry activated, listening on some ports in order to block hackers before the pf firewall does. I will try turning it off and see.

Thanks for your help.

Re: OpenBSD Strange Problem

Peter_APIIT wrote:

I have "pass out all" rules for lo0, rl0, rl1 and ral0, and keep state is the default in OpenBSD 4.1 for all rules.

Do you have "pass in" rules for all those interfaces too? Otherwise the packets aren't entering the firewall, which would be the issue.


Re: OpenBSD Strange Problem

Then how do I write a general pass rule for my internal interface and wireless interface?

Is it something like pass all?

Thanks.

Re: OpenBSD Strange Problem

To pass all traffic on the interfaces on your system you'd have a rule something like this:

pass quick on { lo, rl0, rl1, ral0 }

This will make your network wide open - but it will prove that communication exists between all network interfaces. From there you can rewrite the rules and block what you want.


Re: OpenBSD Strange Problem

I have tried pass out all and your rules but still cannot find any clue why I cannot from my client.

I checked it with pftop and pfctl, and nothing seems to block the connection. This makes me believe that there must be something else causing the problem.

This is really a strange problem.

I am using PPPoE on my OpenBSD 4.1 box.

Here are some warnings for IPv6 using PPPoE:

tun0: warning: 0.0.0.0/.: Change route failed: errno: No such process

tun0: warning: ff01:7::/32: Change route failed: errno: Network is unreachable

tun0: warning: ff02:7::/32: Change route failed: Network is unreachable

I got some info from pfctl also.

Here it is.

states :

all icmp 202.188.0.133:2570 <- 172.16.10.10      0:0
all udp 202.188.1.5:53 <- 172.16.10.10:32812 NO_TRAFFIC:SINGLE

all udp 202.188.0.133:53 <- 172.16.10.10:32812 NO_TRAFFIC:SINGLE

all udp 202.188.1.5 <- 172.16.10.10:32813 NO_TRAFFIC:SINGLE

I really need to fix this up.

This is really a strange problem.

Thanks for your help.
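One way to read the state lines posted above, as an added example that is not part of the original thread: it parses `pfctl -ss`-style lines and flags states in which pf has recorded traffic from only one peer. The sample lines are copied from the post; the function names are hypothetical.

```python
import re

# Sample input: the state lines quoted in the post above, copied unchanged.
SAMPLE = """\
all icmp 202.188.0.133:2570 <- 172.16.10.10      0:0
all udp 202.188.1.5:53 <- 172.16.10.10:32812 NO_TRAFFIC:SINGLE
all udp 202.188.0.133:53 <- 172.16.10.10:32812 NO_TRAFFIC:SINGLE
all udp 202.188.1.5 <- 172.16.10.10:32813 NO_TRAFFIC:SINGLE
"""

# interface, protocol, left endpoint, direction arrow, right endpoint, state pair
LINE = re.compile(
    r"^(?P<ifname>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<left>\S+)\s+(?P<dir><-|->)\s+(?P<right>\S+)\s+"
    r"(?P<lstate>\w+):(?P<rstate>\w+)\s*$"
)

def split_host(endpoint):
    """Split 'addr:port' into (addr, port); port is None when absent (IPv4 only)."""
    addr, sep, port = endpoint.partition(":")
    return addr, (int(port) if sep else None)

def parse_states(text):
    """Return one dict per line that looks like a state entry; skip the rest."""
    states = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        s = m.groupdict()
        s["left"], s["right"] = split_host(s["left"]), split_host(s["right"])
        states.append(s)
    return states

def one_way(states):
    """States where exactly one peer is NO_TRAFFIC: pf has seen packets from
    one side only. Numeric labels (the ICMP '0:0' line) give no per-peer
    information and are not flagged."""
    return [s for s in states
            if (s["lstate"] == "NO_TRAFFIC") != (s["rstate"] == "NO_TRAFFIC")]

if __name__ == "__main__":
    for s in one_way(parse_states(SAMPLE)):
        print(s["proto"], s["left"], s["dir"], s["right"], s["lstate"], s["rstate"])
```

A state that stays one-way means pf accepted the packet and created the state but recorded nothing coming back, which is consistent with pftop and pfctl showing no blocked packets.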

Re: OpenBSD Strange Problem

Any help please.

Re: OpenBSD Strange Problem

Why is no one helping me?

My current description of the situation is in post 25:

http://www.bsdforums.org/forums/showthr … &page=2

What is the function of these two pf rules?

pass in on $int_if from $int_if:network to any keep state

pass out on $int_if from any to $int_if:network keep state

Thanks for your help.

Last edited by Peter_APIIT (2008-06-04 01:01:40)

Re: OpenBSD Strange Problem

pass in on $int_if from $int_if:network to any keep state

pass out on $int_if from any to $int_if:network keep state

Those are for passing internal traffic in and out. The first one allows traffic from the LAN ($int_if:network) to pass in on $int_if, and the second rule allows traffic to pass out to the LAN from $int_if on the firewall.

Keep Smiling

Re: OpenBSD Strange Problem

Thanks for your help.

My problem has been solved.