OpenBSD Security Functionally paranoid!
evdo on server: clients can ping www, but not browse
i connected my server to the internet using a novatel u727.
clients can ping google, but when surfing the status stops at "waiting for google.com". it looks to me like i can send but not receive packets. packet forwarding and filtering are enabled.

prior to this experiment:

    internet-----dc0(ext_if)------>re0(int_if)-----switch------clients

i was expecting to simply change "dc0" to "tun0" in my pf.conf, then just:

Code:
    # ppp -ddial sprint ; pfctl -d ; pfctl -e

i read in the tun manpage:

Quote:

Code:
    # ifconfig tun0 link0

the next sentence in man tun is:

Quote:

Code:
    # ifconfig tun0 link0 ; ppp -ddial sprint

Code:
    # macros
    ext_if="tun0"           # Novatel U727 via Sprint
    #ext_if="dc0"           # On-board card
    #int_if="ral0"          # Wireless access point
    int_if="re0"            # Realtek gigabit card
    tcp_services="{ 22, 113 }"
    icmp_types="echoreq"

    # options
    set block-policy return
    set loginterface $ext_if
    set skip on lo

    # FTP proxy rules
    anchor "ftp-proxy/*"
    pass in quick on $int_if inet proto tcp to any port ftp \
        rdr-to 127.0.0.1 port 8021

    # match rules
    match out on egress inet from !(egress) to any nat-to (egress:0)

    # filter rules
    block in log
    pass out quick
    antispoof quick for { lo $int_if }
    pass in on egress inet proto tcp from any to (egress) \
        port $tcp_services
    pass in inet proto icmp all icmp-type $icmp_types
    pass in on $int_if

Code:
    # grep \^net /etc/sysctl.conf
    net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets

Code:
    default:
     set log Phase Chat LCP IPCP CCP tun command

    sprint:
     set device /dev/cuaU0
     set speed 230400
     set dial "ABORT NO\\sCARRIER ABORT BUSY TIMEOUT 15 \
               \"\" ATZ OK ATQ0V1E1S0=0&C1&D2+FCLASS=0 OK \
               ATDT#777 CONNECT"
     set login
     set timeout 0
     enable dns
     add default HISADDR
     set ifaddr 0 0 0

dmesg(8) output?
doh, sorry, i forgot to mention that server is powerpc, which can make a big difference sometimes.
Code:
    OpenBSD 4.7 (GENERIC) #281: Wed Mar 17 22:34:31 MDT 2010
        /compile/GENERIC
    real mem = 1073741824 (1024MB)
    avail mem = 1037021184 (988MB)
    mainbus0 at root: model PowerMac3,1
    cpu0 at mainbus0: 7400 (Revision 0x207): 450 MHz: 1MB backside cache
    mem0 at mainbus0
    spdmem0 at mem0: 256MB SDRAM non-parity PC133CL2
    spdmem1 at mem0: 256MB SDRAM non-parity PC133CL2
    spdmem2 at mem0: 256MB SDRAM non-parity PC133CL2
    spdmem3 at mem0: 256MB SDRAM non-parity PC133CL2
    memc0 at mainbus0: uni-n
    kiic0 at memc0 offset 0xf8001000: cannot get i2c-rate
    mpcpcibr0 at mainbus0 pci: uni-north, Revision 0xff
    pci0 at mpcpcibr0 bus 0
    pchb0 at pci0 dev 11 function 0 "Apple Uni-N AGP" rev 0x00
    vgafb0 at pci0 dev 16 function 0 "ATI Rage Magnum" rev 0x00, mmio
    wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation)
    mpcpcibr1 at mainbus0 pci: uni-north, Revision 0xff
    pci1 at mpcpcibr1 bus 0
    pchb1 at pci1 dev 11 function 0 "Apple Uni-N" rev 0x00
    ppb0 at pci1 dev 13 function 0 "DEC 21154 PCI-PCI" rev 0x05
    pci2 at ppb0 bus 1
    ohci0 at pci2 dev 2 function 0 "NEC USB" rev 0x41: irq 52, version 1.0
    ohci1 at pci2 dev 2 function 1 "NEC USB" rev 0x41: irq 52, version 1.0
    ehci0 at pci2 dev 2 function 2 "NEC USB" rev 0x02: irq 52
    usb0 at ehci0: USB revision 2.0
    uhub0 at usb0 "NEC EHCI root hub" rev 2.00/1.00 addr 1
    re0 at pci2 dev 4 function 0 "Linksys EG1032" rev 0x10: RTL8110S (0x0400), irq 54, address 00:22:6b:bf:4a:40
    rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 0
    macobio0 at pci2 dev 7 function 0 "Apple Keylargo" rev 0x02
    openpic0 at macobio0 offset 0x40000: version 0x4614 little endian
    macgpio0 at macobio0 offset 0x50
    macgpio1 at macgpio0 irq 47
    "programmer-switch" at macgpio0 not configured
    "escc-legacy" at macobio0 offset 0x12000 not configured
    zsc0 at macobio0 offset 0x13000: irq 22,50
    zstty0 at zsc0 channel 0
    zstty1 at zsc0 channel 1
    awacs0 at macobio0 offset 0x14000: irq 24,9,10 headphones
    audio0 at awacs0
    "timer" at macobio0 offset 0x15000 not configured
    adb0 at macobio0 offset 0x16000 irq 25: via-pmu, 0 targets
    apm0 at adb0: battery flags 0x1, 0% charged
    kiic1 at macobio0 offset 0x18000
    iic0 at kiic1
    wdc0 at macobio0 offset 0x1f000 irq 19: DMA
    wd0 at wdc0 channel 0 drive 0: <ST340014A>
    wd0: 16-sector PIO, LBA48, 38166MB, 78165360 sectors
    wd1 at wdc0 channel 0 drive 1: <WDC WD1200JB-00GVA0>
    wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors
    wd0(wdc0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
    wd1(wdc0:0:1): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
    wdc1 at macobio0 offset 0x20000 irq 20: DMA
    atapiscsi0 at wdc1 channel 0 drive 0
    scsibus0 at atapiscsi0: 2 targets
    cd0 at scsibus0 targ 0 lun 0: <MATSHITA, DVD-ROM SR-8584A, s15C> ATAPI 5/cdrom removable
    cd0(wdc1:0:0): using BIOS timings, DMA mode 2
    wdc2 at macobio0 offset 0x21000 irq 21: DMA
    ohci2 at pci2 dev 8 function 0 "Apple USB" rev 0x00: irq 27, version 1.0
    ohci3 at pci2 dev 9 function 0 "Apple USB" rev 0x00: irq 28, version 1.0
    "TI TSB12LV23 FireWire" rev 0x00 at pci2 dev 10 function 0 not configured
    dc0 at pci2 dev 11 function 0 "DEC 21142/3" rev 0x41: irq 58, address 00:0a:27:94:27:28
    bmtphy0 at dc0 phy 0: BCM5201 10/100 PHY, rev. 2
    usb1 at ohci0: USB revision 1.0
    uhub1 at usb1 "NEC OHCI root hub" rev 1.00/1.00 addr 1
    usb2 at ohci1: USB revision 1.0
    uhub2 at usb2 "NEC OHCI root hub" rev 1.00/1.00 addr 1
    usb3 at ohci2: USB revision 1.0
    uhub3 at usb3 "Apple OHCI root hub" rev 1.00/1.00 addr 1
    usb4 at ohci3: USB revision 1.0
    uhub4 at usb4 "Apple OHCI root hub" rev 1.00/1.00 addr 1
    mpcpcibr2 at mainbus0 pci: uni-north, Revision 0x14
    pci3 at mpcpcibr2 bus 0
    pchb2 at pci3 dev 11 function 0 "Apple Uni-N Eth" rev 0x00
    gem0 at pci3 dev 15 function 0 "Apple Uni-N GMAC" rev 0x00: couldn't map interrupt
    uhub5 at uhub4 port 1 "Dell Dell USB Keyboard Hub" rev 1.10/1.00 addr 2
    uhidev0 at uhub5 port 1 configuration 1 interface 0 "Dell Dell USB Keyboard Hub" rev 1.10/1.00 addr 3
    uhidev0: iclass 3/1
    ukbd0 at uhidev0: 8 modifier keys, 6 key codes
    wskbd0 at ukbd0: console keyboard, using wsdisplay0
    uhidev1 at uhub5 port 1 configuration 1 interface 1 "Dell Dell USB Keyboard Hub" rev 1.10/1.00 addr 3
    uhidev1: iclass 3/0, 3 report ids
    uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
    uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
    uhid2 at uhidev1 reportid 3: input=3, output=0, feature=0
    uhidev2 at uhub5 port 3 configuration 1 interface 0 "Microsoft Microsoft 5-Button Mouse with IntelliEye(TM)" rev 1.10/3.00 addr 4
    uhidev2: iclass 3/1
    ums0 at uhidev2: 5 buttons, Z dir
    wsmouse0 at ums0 mux 0
    vscsi0 at root
    scsibus1 at vscsi0: 256 targets
    softraid0 at root
    bootpath: /pci@f2000000/@d/mac-io@7/ata-4@1f000/disk@0:/bsd
    root on wd0a swap on wd0b dump on wd0b
    ukbd0: was console keyboard
    wskbd0 detached
    ukbd0 detached
    uhidev0 detached
    uhid0 detached
    uhid1 detached
    uhid2 detached
    uhidev1 detached
    wsmouse0 detached
    ums0 detached
    uhidev2 detached
    uhub5 detached
    re0: watchdog timeout
    umsm0 at uhub3 port 1 configuration 1 interface 0 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
    umsm0 detached
    umsm0 at uhub3 port 1 configuration 1 interface 0 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
    ucom0 at umsm0
    umsm1 at uhub3 port 1 configuration 1 interface 1 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
    ucom1 at umsm1
    umsm2 at uhub3 port 1 configuration 1 interface 2 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
    ucom2 at umsm2
    umsm3 at uhub3 port 1 configuration 1 interface 3 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
    ucom3 at umsm3
    umsm4 at uhub3 port 1 configuration 1 interface 4 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2