BSD Router Login Issue
Posted by Dr-D, 29th July 2011

Why can't I log in to my BSD router locally via SSH when there is no WAN connection? I noticed this the other night when I lost my internet connection. I tried to log in to my BSD router to see if that was the problem, but it just hung at the login prompt, not accepting keyboard input. Not wanting to ruin my uptime on the box by rebooting it, I called my ISP first to see if they were down in my area. Turns out my cable ISP is upgrading the infrastructure in my area to add phone service, so there are ongoing disruptions while this is happening, usually in the wee morning hours when most people are sleeping. Sometimes the cable modem lights are all still lit up, showing that it's connected, but it's really not, and when I power it off and on it then shows the correct state it is in. Anyway, what I have discovered is that when my WAN connection is down I can't log in to my BSD router locally via SSH using the internal IP address. For testing purposes I just disconnected my WAN cable while my internet is working and get the same problem. I set the ListenAddress in sshd_config to the internal NIC IP and restarted sshd, but that didn't help. I've Googled but can't find an answer to this problem. This doesn't make sense to me, so hopefully someone can shed some light on this for me.

Here is my pf.conf.
Code:
# macros
int_if="xl0"
ext_if="xl1"
whs="192.168.0.50"
pc1="192.168.0.20"
pc2="192.168.0.21"
websrv="192.168.0.55"

# options
set block-policy drop
set loginterface $ext_if
set skip on lo

# match rules
match in all scrub (no-df)
match out on egress inet from !(egress) to any nat-to (egress:0)

# filter rules
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on egress inet proto tcp to (egress) port 80 rdr-to $websrv synproxy state
pass in on egress inet proto tcp to (egress) port 443 rdr-to $whs synproxy state
pass in on egress inet proto tcp to (egress) port 5900 rdr-to $pc1 synproxy state
pass in on egress inet proto tcp to (egress) port 5901 rdr-to $pc2 synproxy state
pass in log on $int_if
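A useful first step with a question like this is to check what the posted ruleset actually decides for the packet in question. The following is an added example, not code from the original post or from OpenBSD: a deliberately simplified evaluator for the pf.conf above. It models only the pf semantics that ruleset relies on (top-to-bottom evaluation, last matching rule wins, a matching rule with quick stops evaluation, set and match lines never decide a packet's fate). It assumes that the egress group contains xl1 only and that xl0's attached network is 192.168.0.0/24; both are inferred from the macros, not stated in the post. Destination addresses are ignored; direction, interface, protocol and destination port are enough to answer the question asked here.

```python
# Added example (not from the thread): a simplified pf ruleset evaluator.
# Semantics modelled: rules are evaluated top to bottom, the LAST matching
# rule decides, except that a matching rule carrying 'quick' stops evaluation
# at once. 'set' options and 'match' rules never decide a packet's fate.
# Assumptions (not stated on the page): group 'egress' == {xl1}; xl0's network
# is 192.168.0.0/24. Destination addresses are not matched.
from dataclasses import dataclass
from typing import Optional, List, Tuple
import ipaddress
import re

INT_IF, EXT_IF = "xl0", "xl1"
EGRESS = {EXT_IF}                                            # assumption
IF_NETS = {INT_IF: ipaddress.ip_network("192.168.0.0/24")}   # assumption


@dataclass
class Packet:
    direction: str   # "in" or "out"
    iface: str       # interface the packet is seen on
    proto: str       # "tcp", "udp", ...
    src: str         # source address
    dport: int       # destination port


@dataclass
class Rule:
    action: str               # "pass", "block" or "antispoof"
    direction: Optional[str]
    iface: Optional[str]      # interface name or group ("egress")
    proto: Optional[str]
    dport: Optional[int]
    quick: bool
    text: str                 # rule as written, after macro expansion


def parse_ruleset(conf: str) -> List[Rule]:
    """Expand macros and turn pass/block/antispoof lines into Rule objects."""
    macros, rules = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r'(\w+)="([^"]*)"', line)
        if m:                                    # macro definition
            macros[m.group(1)] = m.group(2)
            continue
        line = re.sub(r"\$(\w+)", lambda mm: macros[mm.group(1)], line)
        toks = line.split()
        if toks[0] in ("set", "match"):          # options / match never decide
            continue
        if toks[0] == "antispoof":
            # 'antispoof for IF' behaves like: block in quick on !IF from IF-net
            for ifn in re.findall(r"\w+", line.split("for", 1)[1]):
                if ifn in IF_NETS:               # lo is covered by 'set skip on lo'
                    rules.append(Rule("antispoof", "in", ifn, None, None,
                                      "quick" in toks, line))
            continue

        def after(key: str) -> Optional[str]:
            return toks[toks.index(key) + 1] if key in toks else None

        port = after("port")
        rules.append(Rule(toks[0], toks[1] if toks[1] in ("in", "out") else None,
                          after("on"), after("proto"),
                          int(port) if port else None, "quick" in toks, line))
    return rules


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.action == "antispoof":
        # source claims rule.iface's network but the packet arrived elsewhere
        return (pkt.direction == "in" and pkt.iface != rule.iface
                and ipaddress.ip_address(pkt.src) in IF_NETS[rule.iface])
    if rule.direction and rule.direction != pkt.direction:
        return False
    if rule.iface and pkt.iface not in (EGRESS if rule.iface == "egress" else {rule.iface}):
        return False
    if rule.proto and rule.proto != pkt.proto:
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """Return (decision, winning rule text). pf's implicit default is pass."""
    decision, winner = "pass", None
    for rule in rules:
        if matches(rule, pkt):
            decision = "block" if rule.action == "antispoof" else rule.action
            winner = rule.text
            if rule.quick:
                break
    return decision, winner


# The poster's ruleset, reproduced (5900/5901 redirects omitted for brevity).
PF_CONF = """
int_if="xl0"
ext_if="xl1"
whs="192.168.0.50"
websrv="192.168.0.55"
set block-policy drop
set skip on lo
match in all scrub (no-df)
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on egress inet proto tcp to (egress) port 80 rdr-to $websrv synproxy state
pass in on egress inet proto tcp to (egress) port 443 rdr-to $whs synproxy state
pass in log on $int_if
"""
RULES = parse_ruleset(PF_CONF)

if __name__ == "__main__":
    # SSH from the LAN to the router's internal address is passed by the final
    # 'pass in log on xl0'; the same attempt on the WAN side hits 'block in log'.
    print(evaluate(RULES, Packet("in", "xl0", "tcp", "192.168.0.20", 22)))
    print(evaluate(RULES, Packet("in", "xl1", "tcp", "203.0.113.7", 22)))
```

Run as written, the evaluator reports that inbound SSH on xl0 is passed by the last rule while the same connection on xl1 is blocked, so the filter is not what stalls the LAN-side login; a hang at the prompt before any password exchange points at the daemon rather than pf. One well-known cause of exactly that symptom is sshd's reverse DNS lookup of the connecting address (the UseDNS option in sshd_config, enabled by default in OpenSSH releases of that era), which waits on a resolver that is unreachable once the upstream link is gone.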