OpenBSD Security Functionally paranoid!
Heather, welcome back!
First, I note you've edited this posting. Those who had already read it will not know you've edited it. In your additional information, which you top-posted, you wrote: Quote:
I can't quite tell which Apache server you have decided to run, either the built-in Apache 1.3 or the Apache2 port. I do not think that is germane to your problem.
I also am clueless about your network configuration. Is your OpenBSD platform acting as a NAT router? If so, then even without seeing your PF configuration, I will assume your tests will always fail, proper configuration or not, if you are testing from behind the router.
The PF User's Guide chapter on Traffic Redirection (Port Forwarding) has this to say, highlights mine: Quote:
|
|
||||
Thank you
Thank you for the warm welcome
Sorry for all the edits; I know I am a mess when it comes to typing.
Well, first of all, it's gonna be difficult to send the log since I can't PuTTY as root into my machine and I don't have permissions to read the file. As for the pf.conf, I'm using the default one that came with OpenBSD 5.0. I really did not change anything in there, nor did I uncomment any of it. I only added a few lines that you saw, but since it did not work I removed what I put in there. The only rule I see in there is the default rule
block in on ! lo0 proto tcp to port 6000:6010
Everything else in that file is commented out by default.
OpenBSD 5.0 and Apache 1.3: I seem to have configured it correctly to work locally with port 8005. But for some reason I can't log in to it with my IP address and port xxx.xxx.xx.xxx:8005, but locally no problem on port 8005.
Now you mentioned $ext. Don't I have to have somewhere in my pf file $ext_if =lo0 or rd1 for that to work?
Please forgive me if I can't get to the file; it's on another machine and, as I mentioned, I made no major changes at all to the pf.conf.
Forgive me once again, it's been so long since I touched BSD.
__________________
The journey is better than the destination
|
||||
Quote:
Code:
set skip on lo
pass
block in on ! lo0 proto tcp to port 6000:6010
Quote:
Quote:
Once you have access to root on the platform, please post a copy of pf.conf. Meanwhile, if you could "draw" a picture of the network involved, that would aid my understanding, and limit the misinformation you receive from me. Here is an example of such a picture, made with [code] and [/code] wrappers: Code:
{internet} --- [OpenBSD] --- {192.168.0/24} -- [Servers] --- {192.168.1/24} ---[Workstations]
Last edited by jggimi; 16th April 2012 at 05:31 PM. Reason: typo
|
||||
PF
UPDATE
(It seems to be OK now that I replaced ext_if= "r10" with ext_if ="lo0")
It does not hang on the pf reload this time. When I do pf-s rules my output is exactly what I typed plus the
block drop in on ! lo0 proto tcp to any port 6000:6010
with no errors.
__________________
The journey is better than the destination
Last edited by whispersGhost; 16th April 2012 at 05:59 PM.
|
||||
Your edit has deleted your post that contained a more complete pf.conf and your description of hung commands which indicate a problem well beyond misconfiguration.
As I received an email of that, I'm aware of it, but anyone else reading it after your edit will not have seen it. Please don't edit posts to update status, just post a reply, to ensure you don't cause information loss.
|
||||
SOLVED PF
@jggimi
Thanks for your help, everything worked out well. The server seemed to only work locally. I know why I was unable to connect to my web server from outside. I had gotten a Vonage adapter a few months back, which is hooked up behind my modem, then to my router. That was why it was blocking what I was trying to do from the outside. So rather than playing with all the Vonage settings internal router, I reversed the setup: cable modem to router, router to Vonage adapter. Rebooted and everything was successfully moving along smoothly and I was able to access the server.
The port numbers I referenced were not the actual port numbers but only a guide. At first I thought it was a bug with the Apache server, so I installed 2.2 and renamed the old one to apache-bak. Now that all is working I can delete 2.2 and use the 1.3 version, which they say is the hardened version.
Thank you so much.
Hm, the reason I edit was at some time back I was told I should check my spelling if I intend to get a proper reply for help.
__________________
The journey is better than the destination