OpenBSD pf problems
Old 11-20-2011
I am having trouble with this pf configuration: when it is loaded, nothing can access my server on the internal interface for the LAN. I cannot see why, and it's pretty much based on the very standard example in the OpenBSD FAQ.

When I unload the configuration, I can access the DNS server on the firewall running this configuration. It seems to forward everything through to the Internet but blocks DNS, which makes it pretty useless. I've looked at it at least five times...

Code:
[john@baal ~]$ cat /etc/pf.conf
# interfaces: xl0 faces the LAN, tun0 is the userland pppoe link
int_if="xl0"
ext_if="tun0"

# LAN hosts
rothbard="10.0.0.10"
baal="10.0.0.2"
smass="10.0.0.1"

tcp_services="{22}"
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set skip on lo

# NAT outgoing LAN traffic to the address of the egress interface
match out on egress inet from !(egress:network) to any nat-to (egress:0)

# default policy: block everything inbound, allow everything outbound
block in log
pass out quick

antispoof quick for { lo $int_if }

# inbound on the external interface: only the listed TCP services
pass in on egress inet proto tcp from any to (egress) \
        port $tcp_services
#After this goes forwarded ports... Probably just use ssh tunnels.

pass in inet proto icmp all icmp-type $icmp_types

What is wrong?

Bonus points if you can tell me how to do this so it only needs to be loaded once, rather than being loaded by a shell script after userland pppoe successfully connects.
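The ruleset above is missing the rule the OpenBSD FAQ example ends with, `pass in on $int_if`: `block in log` applies to every interface, and the only `pass in` rules match the egress interface (port 22) and ICMP, so LAN clients are refused when they talk to the DNS server on the firewall. The corrected file below is an added example (mine, not the poster's file or the FAQ text); it assumes the resolver listens on xl0 and that the LAN prefix is the one configured on xl0 (`$int_if:network`), and it narrows the LAN rule to DNS and SSH to the firewall itself plus forwarding for everything else.

```pf
# Added example: corrected /etc/pf.conf for the setup in the post.
# Assumptions (not from the post): the LAN prefix is the one on xl0 and
# the DNS server on the firewall listens on xl0.
int_if="xl0"
ext_if="tun0"

tcp_services="{ 22 }"
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set skip on lo

# (egress) and (egress:0) are looked up per packet, so the file loads
# even before the pppoe interface exists.
match out on egress inet from !(egress:network) to any nat-to (egress:0)

block in log
pass out quick

antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types

# The part the posted ruleset lacks. The FAQ uses the broad
# "pass in on $int_if"; these rules give LAN hosts the same forwarding
# but only DNS and SSH to the firewall's own address.
pass in on $int_if inet proto { tcp udp } from $int_if:network \
        to ($int_if) port 53
pass in on $int_if inet proto tcp from $int_if:network to ($int_if) port 22
pass in on $int_if inet from $int_if:network to !($int_if)
```

Check it with `pfctl -nf /etc/pf.conf` before loading and `pfctl -sr` afterwards to confirm the `xl0` rules are present. Because the rules refer to the `egress` group and use parenthesised runtime lookups, this file can be loaded once at boot instead of from a post-pppoe script; the one line naming tun0 directly is `set loginterface`, which also accepts the group name `egress` if pfctl objects before the interface exists.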
