Post #4, 25th January 2009, by jggimi

Quote:
Originally Posted by Quaxo
...I did set it to 1 using "sysctl net.inet.ip.forwarding=1" (or something like that) and the output from sysctl confirmed the change. I have also changed the configuration file in /etc/sysctl.conf.
You can confirm it, if you like, with something similar to:
  • $ sysctl -a | grep forward
Quote:
...I thought "pass" meant that I didn't need to set any other rules.
You won't know, for sure, what is happening, until you log all rules and test the results. Some people only log block rules, but when diagnosing PF, I prefer to log all rules, so I can determine which rules are effective in which circumstance.
Quote:
...I thought that maybe the server (router) must act like a "DNS proxy" or something...
Only if you set up a local DNS server on it. And then, you'd update your dhcpd.conf accordingly.
If you are interested in caching DNS locally, and managing your local hosts via DNS, note that BIND v9 is built-in to OpenBSD. The daemon is named(8). It has a fairly complex configuration. You will want more documentation than just the man page. (There are other DNS engines available, too.)
Quote:
This is weird...When using "pass log quick all" and doing a ssh from the laptop to the server I get a connection but nothing is shown in the PF-log.
"Sounds" like one of three things is happening:
  1. Perhaps an unlogged rule is in effect (such as your "nat pass"). I'll guess this is the reason. This is my third hint to LOG ALL RULES.
  2. Perhaps you are not using tcpdump correctly
  3. Perhaps pflog0 is not configured properly
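One way to act on the "log all rules" advice above, as an added example that is not part of the original post: a shell function that reads rules in the form printed by `pfctl -sr` and `pfctl -sn` and prints every rule that carries no `log` keyword. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find PF rules that would never
# show up on pflog0 because they lack the "log" keyword.
# On a live system, feed it the loaded rules:
#   { pfctl -sr; pfctl -sn; } | unlogged_rules

unlogged_rules() {
    awk '
        # Only filter and translation rules can carry "log".
        $1 != "pass" && $1 != "block" &&
        $1 != "nat"  && $1 != "rdr"   && $1 != "binat" { next }
        {
            # Heuristic: look for a bare "log" token or "log(...)".
            logged = 0
            for (i = 2; i <= NF; i++)
                if ($i == "log" || $i ~ /^log\(/) { logged = 1; break }
            if (!logged) print
        }
    '
}

# Constructed sample ruleset; interface and addresses are assumptions.
sample_rules() {
    cat <<'EOF'
nat pass on em0 inet from 192.168.1.0/24 to any -> (em0) round-robin
pass log quick all flags S/SA keep state
block drop in log on em0 all
pass out on em0 proto udp from any to any port = 53 keep state
EOF
}

# Prints the "nat pass" rule and the unlogged UDP rule.
sample_rules | unlogged_rules
```

Any rule this prints can match traffic without producing a pflog0 entry, which is the first of the three possibilities listed in the post.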