Visit Our UNIX and Linux User Community


PF troubles on OpenBSD 5.0


 
Thread Tools Search this Thread
Operating Systems BSD PF troubles on OpenBSD 5.0
# 1  
Old 12-08-2011
PF troubles on OpenBSD 5.0

I am setting up a system as an ADSL gateway. ADSL is working fine. PF is not forwarding for some reason.

Code:
# ifconfig                                                              
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:a0:c9:84:98:5f
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2a0:c9ff:fe84:985f%fxp0 prefixlen 64 scopeid 0x1
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:06:5b:20:f0:b3
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.0.0.2 netmask 0xff000000 broadcast 10.255.255.255
        inet6 fe80::206:5bff:fe20:f0b3%xl0 prefixlen 64 scopeid 0x2
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
        priority: 0
        dev: fxp0 state: session
        sid: 0x213 PADI retries: 0 PADR retries: 0 time: 00:08:23
        sppp: phase network authproto pap authname "johnubis@tpg.com.au" 
        groups: pppoe egress
        status: active
        inet6 fe80::2a0:c9ff:fe84:985f%pppoe0 ->  prefixlen 64 scopeid 0x5
        inet 220.245.128.9 --> 202.7.179.48 netmask 0xffffffff
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
        priority: 0
        groups: pflog

Code:
# cat /etc/pf.conf
int_if="xl0"
ext_if="pppoe0"
wan_if="fxp0"

thenetwrk="10.0.0.0/8"
rothbard="10.0.0.10"
baal="10.0.0.2"
smass="10.0.0.1"

etcp_services="{22}"
itcp_services="{22,53}"
icmp_types="echoreq"

ports_rothbard="{17000,17001,17002,17003,17004,17005,2322}"
ports_smass="{17100,17101,17102,17103,17104,17105,2222}"

set block-policy return
set loginterface $ext_if
set skip on lo
set skip on $wan_if

anchor "ftp-proxy/*"

pass in quick on $int_if inet proto tcp to any port ftp \
    divert-to 127.0.0.1 port 8021

match out on $ext_if from 10.0.0.0/8 to any nat-to $int_if
pass on $ext_if from 10.0.0.0/8 to any

pass out on $ext_if proto tcp from any to any

pass in on $ext_if proto tcp from any to any port $ports_rothbard rdr-to $rothbard
pass in on $ext_if proto tcp from any to any port $ports_smass rdr-to $smass

antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) \
        port $etcp_services
pass in on egress inet proto tcp from any to $baal port $itcp_services

pass in inet proto icmp all icmp-type $icmp_types

Code:
# sysctl net.inet.ip.forwarding         
net.inet.ip.forwarding=1

I can SSH to the box and access ports I've allowed but packets are not forwarded through.

---------- Post updated at 06:03 PM ---------- Previous update was at 12:12 PM ----------

Nevermind fixed it myself

New pf.conf...

Code:
# cat /etc/pf.conf                                                              
int_if="xl0"                                                                    
ext_if="pppoe0"                                                                 
wan_if="fxp0"                                                                   
                                                                                
thenetwrk="10.0.0.0/8"                                                          
rothbard="10.0.0.10"                                                            
baal="10.0.0.2"                                                                 
smass="10.0.0.1"                                                                
                                                                                
etcp_services="{22}"                                                            
itcp_services="{22,53}"                                                         
icmp_types="echoreq"                                                            
                                                                                
ports_rothbard="{17000,17001,17002,17003,17004,17005,2322}"                     
ports_smass="{17100,17101,17102,17103,17104,17105,2222}"                        
                                                                                
set block-policy return                                                         
set loginterface $ext_if                                                        
set skip on lo                                                                  
set skip on $wan_if                                                             
                                                                                
anchor "ftp-proxy/*"                                                            
                                                                                
pass in quick on $int_if inet proto tcp to any port ftp \                       
    divert-to 127.0.0.1 port 8021                                               
                                                                                
pass out on $ext_if from $int_if:network to any nat-to ($ext_if)                
                                                                                
pass in on $int_if from 10.0.0.0/8 to any                                       
                                                                                
pass out on $int_if from any to any                                             
                                                                                
pass in on $ext_if proto tcp from any to any port $ports_rothbard rdr-to $rothba
rd                                                                              
pass in on $ext_if proto tcp from any to any port $ports_smass rdr-to $smass    
                                                                                
antispoof quick for { lo $int_if }                                              
                                                                                
pass in on $ext_if inet proto tcp from any to (egress) \                        
        port $etcp_services                                                     
pass in on $int_if inet proto tcp from any to $baal port $itcp_services         
                                                                                
pass in inet proto icmp all icmp-type $icmp_types


Previous Thread | Next Thread
Test Your Knowledge in Computers #497
Difficulty: Medium
A computer compiler or interpreter is just as smart as a human.
True or False?

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Troubles with OpenSSH

Hi, I am trying to login from one AIX server to another without using a password, a basic configuration, however it doesn't seem to work. All things are in place. I have both a public and private key in the ~/.ssh folder and also have an "authorized_keys" file on the target-server containing... (5 Replies)
Discussion started by: Hille
5 Replies

2. Shell Programming and Scripting

awk and tr troubles

I am trying to make all the fields containing lower case letters upper case and the third field of a file display ** instead. I have this: awk '{printf "%s %s ** %d %d\n", $1, $2, $4, $5}' database.txt | tr '' '' < database.txt And that only changes it to upper case, other... (4 Replies)
Discussion started by: Bungkai
4 Replies

3. Shell Programming and Scripting

for loop troubles

What I have here is a pretty textbook recursive function. Its purpose right now is simply to display all folders that don't contain folders. It works fine in all instances I can think of... except one. If there is a folder with a space in its name, the thing goes Kablooie. AFAIK the problem comes... (5 Replies)
Discussion started by: divisionbyzero
5 Replies

4. UNIX for Dummies Questions & Answers

Cron troubles

I am aware this question has been answered time and again. I feel I have tried everything I have seen on the net and really need help to get this working. Same old story. Shell script, working from command but not from cron. I need my script to take values from a .properties file. Tried... (2 Replies)
Discussion started by: airalpha
2 Replies

5. Shell Programming and Scripting

Encoding troubles

Hello All I have a set of files, each one containing some lines that follows that regex: regex='disabled\,.*\,\".*\"'and here is what file says about each files: file <random file> <random file> ASCII text, with CRLF line terminatorsSo, as an example, here is what a file ("Daffy Duck - The... (3 Replies)
Discussion started by: tukuyomi
3 Replies

6. Shell Programming and Scripting

if-statement troubles

I try to compare the day and month of someones birthday with the day and month of today, so my little bash script can send a mail to the person that has its birthday that day. The first line of the file birthdays looks like this: firstname,lastname,01/01/1990,.... The variable birthday's... (4 Replies)
Discussion started by: doc.arne
4 Replies

7. UNIX for Dummies Questions & Answers

Password Troubles

I'm very new to UNIX (I just started working with Terminal 2 days ago) and I don't know the system very well. I'm having trouble whenever I am asked for a password. I simply... can't type. I press keys on the keyboard but no characters appear on the screen. For example, when I log onto... (5 Replies)
Discussion started by: alexmiller
5 Replies

8. Programming

Troubles with HPUX

Hello I created an application in c language for HP-UX operative system,and it runs on a 32 bits PARISC processor. My problem is that I have to run this same application but now in a 64 bits Parisc processor. But I am not able to compile the application with the 64 bit server, and I only could use... (1 Reply)
Discussion started by: masterboy6666
1 Replies

9. UNIX for Dummies Questions & Answers

compariosn troubles...

Hi Guys, I am trying to compare using if, but keep getting some strange results. if ; then keeps creating the file 1 if ; then does not work at all if ; then does not work if ; then does not work if ; then does not work eihter. I am using a ksh, on Solaris (9 Replies)
Discussion started by: jagannatha
9 Replies

10. Programming

compiling troubles

i keep getting the following error with the code segment below when i try to compile the program. The code is from 'defs.h' parse error before '(' parse error before ')' stray '\' in program this is the code segment and the error is on the second line of the segment #define... (1 Reply)
Discussion started by: token
1 Replies

Featured Tech Videos