I have checked this with this command: sysctl net.inet.ip, and OpenBSD reports it is true.
I can surf the net from the OpenBSD box.
Ok - so the next step is to make your firewall wide open.
Configure it to pass all packets with "keep state" also enabled. This will prove that the system works in principle - then you can write the rules to block stuff.
I have "pass out" all rules for lo0, rl0, rl1 and ral0, and keep state is the default in OpenBSD 4.1 for all rules.
I am using a client to ping my ISP's DNS server, then I verified it on my OpenBSD box by issuing the pftop and pfctl commands to check whether any packet has been blocked.
Unfortunately, no packet is blocked.
I am not ignoring your solution, but I just want to narrow down the problem and find the solution.
If my sentence made you uncomfortable, please let me know.
In another forum, someone asked me to change the wireless interface subnet mask from /16 to /24.
I only have portsentry activated, listening on some ports in order to block hackers before the pf firewall does. I will try to turn it off and see.
Thanks for your help.
Peter_APIIT wrote:
I have "pass out" all rules for lo0, rl0, rl1 and ral0, and keep state is the default in OpenBSD 4.1 for all rules.
Do you have "pass in" rules for all those interfaces too? Otherwise the packets aren't entering the firewall, which would be the issue.
Then how do I write general pass rules for my internal interface and wireless interface?
Is it something like pass all?
Thanks.
To pass all traffic on the interfaces on your system you'd have a rule something like this:
pass quick on { lo, rl0, rl1, ral0 }
This will make your network wide open, but it will prove that communication exists between all network interfaces. From there you can rewrite the rules and block what you want.
I have tried "pass out all" and your rules, but I still cannot find any clue why I cannot connect from my client.
I checked it with pftop and pfctl; nothing seems to block the connection. This makes me believe that there must be something else causing the problem.
This is really a strange problem.
I am using PPPoE on my OpenBSD 4.1 box.
Here are some warnings for IPv6 when using PPPoE:
tun0: warning: 0.0.0.0/.: Change route failed: errno: No usch process
tun0: warning: ff01:7::/32: Change route failed: errno: Network is unreachable
tun0: warning: ff02:7::/32: Change route fialed: Network is unreachable
I get some info from pfctl also.
Here it is.
states:
all icmp 202.188.0.133:2570 <- 172.16.10.10 0:0
all udp 202.188.1.5:53 <- 172.16.10.10:32812 NO_TRAFFIC:SINGLE
all udp 202.188.0.133:53 <- 172.16.10.10:32812 NO_TRAFFIC:SINGLE
all udp 202.188.1.5 <- 172.16.10.10:32813 NO_TRAFFIC:SINGLE
I really need to fix this up.
This is really a strange problem.
Thanks for your help.
Any help please.
Why is no one helping me?
My current description of the situation is in post 25:
http://www.bsdforums.org/forums/showthr … amp;page=2
What is the function of these two pf rules?
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
Thanks for your help.
Last edited by Peter_APIIT (2008-06-04 02:01:40)
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
Those are for passing internal traffic in and out. The first one allows traffic from the LAN ($int_if:network) to pass in on $int_if, and the second rule allows traffic to pass out to the LAN from $int_if on the firewall.
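As an added example (not posted by anyone in this thread), here is how the wide-open debugging rule from earlier and the two per-interface rules just explained fit together in an OpenBSD 4.1 style pf.conf. It assumes tun0 is the PPPoE link, rl1 is the wired LAN and ral0 is the wireless LAN; those assignments and the macro names are assumptions, not taken from the thread.

```pf
# Assumed interface roles (not stated in the thread): adjust to your box.
ext_if  = "tun0"   # PPPoE link; address changes, so use ($ext_if) below
int_if  = "rl1"    # wired LAN
wlan_if = "ral0"   # wireless LAN

set skip on lo     # no filtering on loopback
scrub in           # normalise incoming packets

# NAT the LANs out through the dynamic PPPoE address
nat on $ext_if from { $int_if:network, $wlan_if:network } to any -> ($ext_if)

# STEP 1 (diagnostic only): the wide-open rule suggested above.
# Uncomment it alone to prove that traffic crosses the interfaces at all,
# then comment it out again and move on to STEP 2.
# pass quick on { lo, rl0, rl1, ral0 } keep state

# STEP 2: default deny, then explicit "pass in" AND "pass out" per interface.
# Without the "pass in" rules the LAN packets never enter the firewall.
block in log all

pass out quick on $ext_if keep state

pass in  on $int_if  from $int_if:network  to any               keep state
pass out on $int_if  from any              to $int_if:network   keep state

pass in  on $wlan_if from $wlan_if:network to any               keep state
pass out on $wlan_if from any              to $wlan_if:network  keep state

# Verify:  pfctl -nf /etc/pf.conf   (syntax check, loads nothing)
#          pfctl -f  /etc/pf.conf   (load)
#          pfctl -sr                (show loaded rules)
#          pfctl -ss                (show states; a LAN ping should create one)
```

Because "block in log all" logs every drop, a client ping that still fails will show up in the pflog interface output, which separates a pf problem from a routing or PPPoE problem like the tun0 route warnings pasted above.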
Thanks for your help.
My problem has been solved.