Unix Technical Forum

Re: important pf diff, needs lots of testing and review

This is a discussion on Re: important pf diff, needs lots of testing and review within the lucky.openbsd.tech forums, part of the OpenBSD category.


02-22-2008, 12:32 PM
Henning Brauer

it seems to break NAT. we'll try to fix that while we're driving to
calgary.

* Simon Slater <s.slater@talk21.com> [2005-05-18 21:19]:
> Same problem here, although it's taken me until now to
> notice it because my local squid proxy meant that web
> access still worked fine. NAT doesn't seem to be
> working, giving the same result as below with traffic
> reaching the external interface without NAT'ing. This
> was after a kernel and full userland build.
>
> I've since removed the patch which seems to have got
> everything working again but I'm happy to
> re-apply/re-test if necessary.
>
> Simon
>
>
> --- Johan Fredin <griffin@legonet.org> wrote:
>
> > On Mon, 16 May 2005, Henning Brauer wrote:
> > > important to test (besides lots of general testing) is hotplugging
> > > interfaces, and removal. load rulesets referring to not yet existent
> > > interfaces and plug em later and verify the rules work as intended and
> > > such.
> >
> > This breaks my home network gateway. From the
> > gateway itself I can ping
> > the world, but not from any hosts behind it. I tried
> > with a very
> > minimalistic pf.conf:
> >
> > nat on fxp0 from 10.0.0.0/16 to any -> pu.bl.ic.ip
> > pass all keep state
> >
> > But no go. tcpdump'ing on the external interface
> > shows that the packets
> > get out, but are not nat'ed. And yes, I made sure pf
> > was enabled.
> >
> > # tcpdump -ni fxp0 icmp
> > tcpdump: listening on fxp0, link-type EN10MB
> > 00:56:26.597259 10.0.0.10 > 130.240.202.203: icmp: echo request
> > 00:56:27.662963 10.0.0.10 > 130.240.202.203: icmp: echo request
> >
> > As I said earlier, pinging the world from the
> > gateway itself is not a
> > problem. Pinging the gw from an internal host works
> > too.
> >
> > dmesg included below.
> >
> > /Johan
> >
>
>
> -----------------------------------------
> PGP Key ID: 0x4B1C0992

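A check for the symptom reported in this thread (packets leaving the external interface with an untranslated internal source), as an added example that is not part of the original posts: it scans `tcpdump -n` output for sources still inside the NATed network. The function name, the 192.0.2.1 stand-in for the translated address and the last two sample lines are constructed; the 10.0.0.0/16 network and the first two packets come from the quoted report.

```python
import ipaddress
import re

# "HH:MM:SS.frac SRC > DST: ..."; with -n, TCP/UDP endpoints carry a ".port" suffix.
PACKET_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ (?:IP )?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)


def find_nat_leaks(capture_lines, internal_net):
    """Return (src, dst) pairs seen on the external interface whose source
    is still inside internal_net, i.e. packets that left untranslated."""
    net = ipaddress.ip_network(internal_net)
    leaks = []
    for line in capture_lines:
        m = PACKET_RE.match(line.strip())
        if not m:
            continue  # banner, wrapped continuation line, or non-IPv4 packet
        try:
            src = ipaddress.ip_address(m.group("src"))
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue  # looked like an address but is not a valid one
        # Only outbound packets count: internal-to-internal traffic is never NATed.
        if src in net and dst not in net:
            leaks.append((str(src), str(dst)))
    return leaks


# First two packets are from the quoted report (wrapped lines rejoined);
# the last two are constructed: one translated packet, one leaking TCP SYN.
SAMPLE_CAPTURE = """\
tcpdump: listening on fxp0, link-type EN10MB
00:56:26.597259 10.0.0.10 > 130.240.202.203: icmp: echo request
00:56:27.662963 10.0.0.10 > 130.240.202.203: icmp: echo request
00:56:28.100000 192.0.2.1 > 130.240.202.203: icmp: echo request
00:56:28.200000 10.0.0.10.40112 > 130.240.202.203.80: S 1:1(0) win 16384
""".splitlines()

if __name__ == "__main__":
    for src, dst in find_nat_leaks(SAMPLE_CAPTURE, "10.0.0.0/16"):
        print(f"untranslated on external interface: {src} -> {dst}")
```

An empty result on a capture that does contain outbound traffic is the expected state once NAT works again.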
