I am having trouble with this pf configuration. It seems that when it is loaded, nothing can access my server on the internal interface for the LAN. I cannot see why, and it's pretty much based on the very standard example in the OpenBSD FAQ.
When I unload the configuration, I can access the DNS server on the firewall running this configuration. It seems to forward everything through to the Internet, but blocks DNS which makes it pretty useless. I've looked at it at least five times...
What is wrong?
Bonus points if you can tell me how to do this so it only needs to load once, and not be loaded by a shell script after userland pppoe successfully connects.
Please help. I have downloaded the OpenBSD 2.9 snapshot from ftp.openbsd.org. The following files were downloaded from the snapshot dir (the whole dir was downloaded): base29,bsd,bsd.rd,cdrom29.fs,cksum,comp29,etc29,all three floppy images,game29,index,install.ata,install.chs... (11 Replies)
Hi there..
I'm new to OpenBSD, and I recently tried the ports-system..
I downloaded the ports-tree from ftp, and unpacked it in /usr/ports
Then I typed 'make search key=centericq'
I got some info about it.. but it wasn't the latest version.. the version I use at my gentoo linux box, is... (6 Replies)
Hi
Right now, my computer is connected directly to the internet.. but I recently got another one, and now I want to use this to share my internet connection to the other one.
The new one has OpenBSD installed..
What should I do?
I also need to forward connections on some ports to my old... (4 Replies)
Can't set up OpenBSD 3.4 with Maxtor Diamond Plus 9 80Gb ATA/133 HDD... Install process stops at hardware initialization, before installing...
Any Comments...
Thanks (2 Replies)
I'm trying to gather some info to set up snort on OpenBSD 3.2. Has anyone out there managed to get it up and running? My initial attempts seem to be quite below par (4 Replies)
Hello,
Ok I have a couple of little problems that I can't for the life of me work out how to solve. I wasn't involved in setting the server up, I've just "inherited" the support for it. I've done my best to be a good little newbie, researched articles, tried things out and managed to only get... (1 Reply)
I've just installed OpenBSD on my laptop (IBM Thinkpad T42) and since this is my first time with wireless networking in OpenBSD I'm a bit lost.
What I would like to do is connect to a wireless network using WEP or WPA. Where do I place the key and essid? (3 Replies)
I am an eight-year Linux user and after getting into an argument with someone about OpenBSD overriding my theory that OS security is 50% OS and 50% admin skill, I decided to try OpenBSD for myself. I've tried BSDs before and haven't been able to get into them for day-to-day use, but I am going to... (7 Replies)
Hello,
I wondered if anyone could assist me in writing a simple packet filter firewall on my OpenBSD v4.5.
All I intend doing is to have two firewalling machines on a separate network:
192.168.1.1
ext_if = xl0 (dhcp) // Internet interface
int_if=xl1 // Internal interface
... (0 Replies)
As the title suggests, I ran into a little problem trying to create a virtual machine of Kali Linux using Qemu inside OpenBSD. I edited the example Kali Linux gave on their website here to the following for BSD:
qemu-system-i386 -hda ./kali.qcow2 -boot d -cdrom ./kali-linux-1.0.5-i386.iso -m... (0 Replies)
Discussion started by: Azrael
0 Replies
tc-mirred
Mirror/redirect action in tc(8)          Linux          Mirror/redirect action in tc(8)
NAME
mirred - mirror/redirect action
SYNOPSIS
tc ... action mirred DIRECTION ACTION [ index INDEX ] dev DEVICENAME
DIRECTION := { ingress | egress }
ACTION := { mirror | redirect }
DESCRIPTION
The mirred action allows packet mirroring (copying) or redirecting (stealing) the packet it receives. Mirroring is what is sometimes
referred to as Switch Port Analyzer (SPAN) and is commonly used to analyze and/or debug flows.
OPTIONS
ingress
egress
    Specify the direction in which the packet shall appear on the destination interface.
mirror
redirect
    Define whether the packet should be copied (mirror) or moved (redirect) to the destination interface.
index INDEX
    Assign a unique ID to this action instead of letting the kernel choose one automatically. INDEX is a 32bit unsigned integer greater than zero.
dev DEVICENAME
    Specify the network interface to redirect or mirror to.
EXAMPLES
Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for debugging purposes:
# tc qdisc add dev eth0 handle ffff: ingress
# tc filter add dev eth0 parent ffff: u32 \
        match u32 0 0 \
        action police rate 1mbit burst 100k conform-exceed pipe \
        action mirred egress redirect dev lo
Mirror all incoming ICMP packets on eth0 to a dummy interface for examination with e.g. tcpdump:
# ip link add dummy0 type dummy
# ip link set dummy0 up
# tc qdisc add dev eth0 handle ffff: ingress
# tc filter add dev eth0 parent ffff: protocol ip \
        u32 match ip protocol 1 0xff \
        action mirred egress mirror dev dummy0
Using an ifb interface, it is possible to send ingress traffic through an instance of sfq:
# modprobe ifb
# ip link set ifb0 up
# tc qdisc add dev ifb0 root sfq
# tc qdisc add dev eth0 handle ffff: ingress
# tc filter add dev eth0 parent ffff: u32 \
        match u32 0 0 \
        action mirred egress redirect dev ifb0
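Added example (not part of the original man page): a dry-run helper that assembles the mirror/redirect commands from the SYNOPSIS and rejects an INDEX outside the documented range before anything reaches tc. The function names and the conservative interface-name allowlist are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run builder for a mirred setup. It only prints the
# tc commands so they can be reviewed before being run as root.

# valid_index INDEX: the page requires a 32bit unsigned integer greater than zero.
valid_index() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;       # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 10 ] || return 1        # more than 10 digits cannot fit in 32 bits
    [ "$1" -gt 0 ] && [ "$1" -le 4294967295 ]
}

# valid_dev NAME: conservative allowlist (assumption of this example), max 15 chars.
valid_dev() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;; # keeps shell metacharacters out of the output
    esac
    [ "${#1}" -le 15 ]
}

# mirred_cmds SRC_DEV DST_DEV ACTION [INDEX]
# Prints the commands that copy or move all ingress traffic of SRC_DEV to DST_DEV.
mirred_cmds() {
    src=$1 dst=$2 action=$3 index=${4:-}
    case "$action" in
        mirror|redirect) ;;
        *) echo "ACTION must be mirror or redirect" >&2; return 2 ;;
    esac
    valid_dev "$src" && valid_dev "$dst" || { echo "bad interface name" >&2; return 2; }
    idx=""
    if [ -n "$index" ]; then
        valid_index "$index" || { echo "INDEX out of range: $index" >&2; return 2; }
        idx=" index $index"
    fi
    echo "tc qdisc add dev $src handle ffff: ingress"
    echo "tc filter add dev $src parent ffff: u32 match u32 0 0 action mirred egress $action$idx dev $dst"
}

# mirred_teardown SRC_DEV: deleting the ingress qdisc also removes its filters.
mirred_teardown() {
    valid_dev "$1" || return 2
    echo "tc qdisc del dev $1 handle ffff: ingress"
}
```

For instance, `mirred_cmds eth0 dummy0 mirror 7` prints the two setup commands with `index 7` placed before `dev`, as the SYNOPSIS requires.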
SEE ALSO
tc(8), tc-u32(8)
iproute2          11 Jan 2015          Mirror/redirect action in tc(8)