Some Websites Won't Connect In Vista And XP
I have 3 computers in my network.
1. Windows XP SP2 (recently upgraded to SP3 to see if it would break but it still works with SP3)
2. Windows Vista SP2
3. Windows XP SP3

On computer 1 I can browse to all websites as normal. On computers 2 and 3 I can only browse to a few. All 3 use the same DNS IP address assigned via Windows TCP/IP connections. My pf.conf is as basic as it gets for now.
Code:
    ext_if="pppeo0"
    int_if="re1"
    block log all
    set block-policy drop
    nat on $ext_if from !($ext_if) -> ($ext_if:0)
    pass out keep state
    pass out quick on $int_if from any to any
    pass in quick on $int_if from any to any
    pass out quick on $ext_if from any to any

I also found a thread on this forum with a guy that was having a similar problem and suggested that I add flags S/SA keep state to the firewall rules, but that did not fix this issue. I tried pfctl -vvss and found that computer 1 (working one) had a wscale of 2, 4, 6, 8 etc... However, the computers that are not working don't even have wscale on the screen. From the documentation I was expecting it to say wscale 0 or some kind of number at least. I still have a lot to learn when it comes to OpenBSD, so any insight/troubleshooting tips you can give me are greatly appreciated.
|
|||
Change
Code:
    pass out keep state
Code:
    pass out
Code:
    pass out keep state flags S/A
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Quote:
Code:
    match on pppoe0 scrub (max-mss 1440)
|
|||
is
Code:
    match on pppoe0 scrub (max-mss 1440)
the reason I ask is because tcpdump shows me 0 packets dropped
|
|||
Tcpdump doesn't do any blocking of packets. Sometimes when there is a lot of traffic, tcpdump notices that it cannot decode all incoming packets. Then it just skips, or drops decoding some of them and lets you know by saying something like 1232 packets dropped. Apparently it told you "0 packets dropped", so it could decode and show you everything. No hiatus,
Now some homework, if you fail, you have to redo last semester. What does the pf.conf manual say about 'match'? Please paste that man page section here using [code] and [/code] tags.
|
|||
I thought tcpdump was just a program that read the binary form of the log files?
I thought the dropped meant that it was showing you how many packets were dropped (rejected/unsuccessful connection) by the firewall for the duration that you were monitoring the log. When I had a much slower box I would see packets were 'dropped'. I see now that I was interpreting this the wrong way.
Code:
    match    The packet is matched. This mechanism is used to provide fine
             grained filtering without altering the block/pass state of a
             packet. match rules differ from block and pass rules in that
             parameters are set every time a packet matches the rule, not
             only on the last matching rule. For the following parameters,
             this means that the parameter effectively becomes ``sticky''
             until explicitly overridden: max-mss, min-ttl, no-df, queue,
             random-id, reassemble tcp, rtable, and set-tos. log is
             different still, in that the action happens every time a rule
             matches i.e. a single packet can get logged more than once.
|
|||
Yes, you are interpreting this correctly. You passed and can continue with the next semester.
It just means that all packets on the pppoe interface will be scrubbed and it makes sure that the packet size doesn't exceed 1440 bytes.
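Added example, not part of the original thread or of pf itself: both things discussed above, the wscale value and the max-mss limit, are TCP options carried in the SYN. This Python sketch parses a SYN options field and lowers the MSS option the way a max-mss 1440 limit would. The function names and sample bytes are constructed for illustration, and the TCP checksum update that a real rewrite needs is left out.

```python
import struct

OPT_EOL, OPT_NOP, OPT_MSS, OPT_WSCALE = 0, 1, 2, 3  # TCP option kinds

def walk(opts):
    """Yield (offset, kind, length) for each option in a TCP options field."""
    i = 0
    while i < len(opts) and opts[i] != OPT_EOL:
        if opts[i] == OPT_NOP:          # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option at offset %d" % i)
        yield i, opts[i], opts[i + 1]
        i += opts[i + 1]

def summarize(opts):
    """Return the MSS and window-scale shift a SYN advertises (None if absent)."""
    info = {"mss": None, "wscale": None}
    for off, kind, length in walk(opts):
        if kind == OPT_MSS and length == 4:
            info["mss"] = struct.unpack_from("!H", opts, off + 2)[0]
        elif kind == OPT_WSCALE and length == 3:
            info["wscale"] = opts[off + 2]
    return info

def clamp_mss(opts, max_mss):
    """Lower an MSS option above max_mss; leave all other options untouched."""
    buf = bytearray(opts)
    for off, kind, length in walk(opts):
        if kind == OPT_MSS and length == 4:
            mss = struct.unpack_from("!H", buf, off + 2)[0]
            struct.pack_into("!H", buf, off + 2, min(mss, max_mss))
    return bytes(buf)

# Constructed SYN option fields (not captured from the poster's network).
# MSS 1460, NOP, wscale 2, NOP, NOP, SACK-permitted:
SYN_WITH_WSCALE = bytes.fromhex("020405b4" "01" "030302" "0101" "0402")
# MSS 1460, NOP, NOP, SACK-permitted (no window-scale option at all):
SYN_NO_WSCALE = bytes.fromhex("020405b4" "0101" "0402")

if __name__ == "__main__":
    for name, syn in (("with wscale", SYN_WITH_WSCALE), ("no wscale", SYN_NO_WSCALE)):
        print(name, summarize(syn), "->", summarize(clamp_mss(syn, 1440)))
```

On a live link the same fields can be read from a tcpdump capture of the SYN packets on the pppoe0 interface.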