BSD not reachable from Internal LAN
Gooood Morning,
I have a webserver running OpenBSD 5.0 with Apache and it has been running smooth since built. Well, it's time to upgrade the hardware and everything was configured appropriately.

The issue is: the original server is accessible from the Outside to DMZ network (NAT rules in place) and also internally (inside to DMZ). I swapped out the server (same IP addresses), cleared ARP on the ASA and the server is only accessible from the Outside network. The server is completely blocking all requests internally. I have determined it is not an ASA issue because the same IPs are in place and once I clear ARP, the server responds correctly from the outside. Packet tracer also shows the traffic being permitted. It is very bizarre. My only thoughts were the PF config but I tried disabling that to no effect.

Things that changed:
Upgraded to OpenBSD 5.3 x64
New Physical Server
Apache 1.9.3

Fire away with thoughts! Thanks!

Hello, and welcome!
Edited to add: Since we don't know anything other than what you posted, there's always the possibility of a misconfigured NIC, if you have two or more NICs used with the OpenBSD server. The output of:
$ ifconfig -A
may help us, if that's the case.

Last edited by jggimi; 26th September 2013 at 06:47 PM. Reason: typo, additional comments

When a DMZ configuration does not work, it usually is the routing. The server in the DMZ needs to have the default route set to the DMZ NIC of the firewall. Of course the NAT needs to handle both the external IP <--> DMZ and internal LAN <--> DMZ traffic.
What is the output of # netstat -rn -f inet ? If a client on the LAN tries to connect to the DMZ server, does tcpdump on the server show these incoming requests? Do you see the server sending reply packets? BTW, in these cases a network diagram is always helpful.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

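The routing check suggested in the replies above can also be run against pasted `netstat -rn -f inet` output. This is an added example, not code from the thread: it does a longest-prefix match over the routing table to show which gateway and interface the server would use to reply to a given client. The table, the addresses (10.0.0.1 as the firewall's DMZ NIC, 192.168.1.0/24 as the LAN) and the second NIC on the LAN subnet are constructed assumptions, not the diagnosed cause of this problem.

```shell
#!/bin/sh
# Added example: which route would this server use to reply to a given client?
# Feed it `netstat -rn -f inet` output on stdin; it does a longest-prefix match.

reply_route() {   # $1 = client IP; prints "<gateway> <iface>" of the best route
    awk -v ip="$1" '
    function ip2n(s,   o, n, i, v) {   # dotted quad, possibly abbreviated -> integer
        n = split(s, o, "."); v = 0
        for (i = 1; i <= 4; i++) v = v * 256 + (i <= n ? o[i] : 0)
        return v
    }
    BEGIN { best = -1; target = ip2n(ip) }
    $1 == "default" || $1 ~ /^[0-9]/ {
        len = 32; net = $1                  # no "/len" suffix means a host route
        if ($1 == "default") { len = 0; net = "0" }
        else if ((p = index($1, "/")) > 0) {
            len = substr($1, p + 1) + 0; net = substr($1, 1, p - 1)
        }
        blk = 2 ^ (32 - len)                # compare only the network bits
        if (int(ip2n(net) / blk) == int(target / blk) && len > best) {
            best = len; gw = $2; ifc = $NF
        }
    }
    END { if (best >= 0) print gw, ifc }'
}

check_reply_path() {   # $1 = client IP, $2 = expected gateway (firewall DMZ NIC)
    route=$(reply_route "$1")
    if [ "${route%% *}" = "$2" ]; then
        echo "ok: replies to $1 leave via $route"
    else
        echo "MISMATCH: replies to $1 leave via $route, expected gateway $2"
        return 1
    fi
}

sample_table() {   # constructed output; addresses and interfaces are assumptions
cat <<'EOF'
Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.0.0.1           UGS        3     1234     -     8 em0
10.0.0/24          link#1             UC         1        0     -     4 em0
127.0.0.1          127.0.0.1          UH         0        0 33196     4 lo0
192.168.1/24       link#2             UC         0        0     -     4 em1
EOF
}

sample_table | check_reply_path 203.0.113.7 10.0.0.1  || true   # outside client
sample_table | check_reply_path 192.168.1.50 10.0.0.1 || true   # LAN client
```

On the server itself, pipe the live table in with `netstat -rn -f inet | check_reply_path <LAN client IP> <firewall DMZ IP>`, then confirm with tcpdump whether replies actually leave on the expected interface.
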
The upgrade was a swap with new hardware. Old serverA running 5.0. New server running 5.3. The pages pull up fine from the public outside world, but are not accessible from the inside LAN. The routing is confirmed set to the NIC of the FW. The FW HAS to be configured correctly because all of the IP routing works when the old server is in place. I believe it had something to do with PF but it is now disabled. I will try and post tcpdump soon.
Thanks!

Thank you for the additional information, juslaxnern.
I'm still not clear about a few things. Perhaps you can clarify when you post here again.
If two or more NICs are used, you might still have a network configuration problem as above, but you may also have misconfigured one of the NICs.

An ASCII "picture" of your network topology, or a link to a graphic would be helpful. Also helpful would be capturing the output from the ifconfig and route commands that we've both suggested. You may find the script(1) tool useful for capturing console output for later editing/copying/pasting.

In general, the more information you provide to us, the better we can be at helping you. See this guidance for perfect problem reporting.