DaemonForums  

#1 fbroce, 25th May 2010
OpenBSD 4.7 pf and traceroute

I have 4.7 running as a home cable router on two boxes (one is a spare). I have the new pf format working with the exception of mtr or traceroute.

I can get mtr to work; however, it just shows the first and last hop. I think the problem is related to the scrub statement:

match log on $ext_if all scrub (random-id min-ttl 254 set-tos lowdelay reassemble tcp max-mss 1472 )

shows only the destination:


traceroute to daemonforums.org (94.142.245.224), 64 hops max, 40 byte packets
1 daemonforums.org (94.142.245.224) 136.681 ms 138.460 ms 136.798 ms


If I use a simple
match out all scrub (no-df)

traceroute works on the router box only and gives ??? on other connected boxes.

Any ideas?

#2 jggimi, 25th May 2010

According to naddy@, in http://marc.info/?l=openbsd-misc&m=124560271310932&w=2
tcpdump sees packets before pf. Are you running your diagnostics against pf(4) or against a NIC?

#3 fbroce, 26th May 2010

I tried tcpdump to the ext_if. I believe traceroute is working to that point. It must be my pf.conf. I will continue to look at it.

Tnx.

#4 varag, 16th July 2010

I have a similar problem -- tracert doesn't work on Windows WS.

#5 jggimi, 16th July 2010

Please describe your problem more completely, varag. See http://www.daemonforums.org/showthread.php?t=596 for advice.

#6 fbroce, 13th September 2010
re traceroute

My scrub statement was keeping traceroute from working correctly.
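
Added example, not part of the thread: pf's min-ttl raises the TTL of matching packets to at least the given value, while traceroute and mtr depend on probes expiring at TTL 1, 2, 3, and so on. The simplified model below shows how min-ttl 254 on the external interface produces the outputs in post #1. The thread itself only blames the scrub statement, so treating min-ttl as the cause is an assumption, and the hop names, path length and forwarding order are constructed for illustration.

```python
# Simplified model (assumption): a forwarded packet has its TTL checked and
# decremented by the router before pf scrub runs outbound on the external NIC.
# Hop names are constructed sample values, not taken from a real trace.
PATH = ["isp-gw", "core-1", "core-2", "daemonforums.org"]  # hops past the router


def send_probe(ttl, min_ttl, from_lan):
    """Return the name of the host that answers a probe sent with `ttl`."""
    if from_lan:
        # Probe from a LAN client: the router itself is the first hop.
        if ttl <= 1:
            return "router"      # router sends ICMP time exceeded
        ttl -= 1
    # Outbound on ext_if: scrub (min-ttl N) lifts any lower TTL up to N.
    if min_ttl is not None and ttl < min_ttl:
        ttl = min_ttl
    for hop in PATH[:-1]:
        if ttl <= 1:
            return hop           # this hop sends ICMP time exceeded
        ttl -= 1
    return PATH[-1]              # probe reached the destination


def traceroute(min_ttl=None, from_lan=False, max_hops=64):
    """List the responder for each TTL step until the destination answers."""
    seen = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(ttl, min_ttl, from_lan)
        seen.append(answer)
        if answer == PATH[-1]:
            break
    return seen


if __name__ == "__main__":
    for label, kwargs in [
        ("router, min-ttl 254", {"min_ttl": 254}),
        ("LAN client, min-ttl 254", {"min_ttl": 254, "from_lan": True}),
        ("router, no min-ttl", {}),
        ("LAN client, no min-ttl", {"from_lan": True}),
    ]:
        print(f"{label}: {' -> '.join(traceroute(**kwargs))}")
```

With min-ttl 254 the router's own trace collapses to the destination at hop 1, and a LAN client sees only the router and the destination, the "first and last hop" symptom reported for mtr.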