DaemonForums  

  #1   (View Single Post)  
Old 3rd June 2011
schh schh is offline
Port Guard
 
Join Date: Jun 2011
Posts: 11
Default Strange internet connection issue

Hello,

I seem to have a pretty weird issue. I cannot connect to the internet or even reach my gateway with a ping.

But I can connect through it (NAT gateway), and I can connect to it remotely with ssh.

Are there any logs or something else I can check? It's been a while since I was using OpenBSD.

Thanks
  #2   (View Single Post)  
Old 4th June 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Hi, and welcome.

Unfortunately, we're not mind readers and have no clue what your network configuration looks like, what release you are using, what hardware architecture you are using, or how you are conducting your tests. See this thread's opening post for some suggestions of what we need in order to help you.
  #3   (View Single Post)  
Old 4th June 2011
schh schh is offline
Port Guard
 
Join Date: Jun 2011
Posts: 11
Default

Hello again,

Yeah, that's pretty obvious, isn't it :P Sorry about that, I'll look through the post you linked to and get all that information and post a reply.

Thanks
  #4   (View Single Post)  
Old 4th June 2011
wimwauters wimwauters is offline
Port Guard
 
Join Date: Aug 2008
Posts: 36
Default

Quote:
Originally Posted by schh View Post
Hello,

I seem to have a pretty weird issue. I cannot connect to the internet or even reach my gateway with a ping.

But I can connect through it (NAT gateway), and I can connect to it remotely with ssh.

Are there any logs or something else I can check? It's been a while since I was using OpenBSD.

Thanks

This sounds like a bridge or NAT router, combined with a good firewall setup, i.e. your setup is probably working as intended.
  #5   (View Single Post)  
Old 4th June 2011
schh schh is offline
Port Guard
 
Join Date: Jun 2011
Posts: 11
Default

I have no blocking out, only two open ports in. Everything else works fine. But I'll get back with system details. Had OpenBSD many times before. Never had this problem.

And yes, it's a NAT router.

Thanks for replying
  #6   (View Single Post)  
Old 5th June 2011
schh schh is offline
Port Guard
 
Join Date: Jun 2011
Posts: 11
Default

Hello again,

Well, I'll post my dmesg, pf config and ifconfig since it's network related. As instructed by the perfect newbie, I'll attach it as a txt file instead of flooding the post.

I think I got the most relevant things, and removed my external IP. If there's anything else, please let me know.

Thank you
Attached Files
File Type: txt OpenBSD_DeamonForums_attachment.txt (16.0 KB, 55 views)
  #7   (View Single Post)  
Old 6th June 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Things I found:

1) You have no outbound pass rules in your PF configuration file. That explains your reported symptom. The only traffic permitted outbound will be from any state session established by an inbound pass rule.

2) OpenBSD 4.7 is no longer supported, as of 1 May 2011. The most recent release is 4.9.
  #8   (View Single Post)  
Old 6th June 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

To clarify, your nat-to rule is a pass, but does not apply to packets where your OpenBSD router is the source.
  #9   (View Single Post)  
Old 6th June 2011
schh schh is offline
Port Guard
 
Join Date: Jun 2011
Posts: 11
Default

Thanks for your answer. I didn't think of that since it passes out from int:network, which my gateway is a part of.

But if the rule only would apply to packets in need of network translation and external traffic, I guess, would have the ext if as source, which is not in the rule. Probably should be obvious. Works fine now :P

Thank you very much. Guess I learned something, won't be making that mistake again. The hard life of a newbie.

/Robert
Old 6th June 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

You're welcome.

Personally, I use the "match" PF filter command on my NAT rules to avoid confusion, as recommended in the PF User's Guide chapter on NAT.

In the future, if you ever want to know if PF is blocking or passing packets, you might consider logging your block (and pass) rules with the "log" option, then monitoring pflog0 with tcpdump.

See:
The logging chapter of the PF User's Guide
pflog(4)
tcpdump(8)
pflogd(8)
Reply With Quote
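
The diagnosis and the "match" and "log" advice from the posts above, as an added example that is not from the thread or from the poster's attachment: a constructed pf.conf in OpenBSD 4.7+ syntax. The interface names (em0, em1) and the two inbound ports (22, 80) are assumptions.

```pf
# Constructed example, OpenBSD 4.7+ syntax. Interface names and ports are
# assumptions; the poster's real ruleset was in an attachment not shown here.
ext_if = "em0"          # assumed external interface
int_if = "em1"          # assumed internal interface

set skip on lo

# --- BEFORE (the reported symptom), shown commented out ---
# block all
# pass in  on $ext_if proto tcp to ($ext_if) port { 22, 80 }
# pass in  on $int_if from $int_if:network
# pass out on $ext_if from $int_if:network to any nat-to ($ext_if)
#
# The only "pass out" is the nat-to rule, and it matches LAN sources only.
# Packets the router itself originates leave $ext_if with the $ext_if
# address as source, match no pass rule, and fall through to "block all".
# Replies to inbound ssh still work because they belong to a state
# created by the inbound pass rule.

# --- AFTER ---
block log all                       # default deny, logged to pflog0

# Translation only: "match" sets nat-to without deciding pass or block.
match out on $ext_if from $int_if:network to any nat-to ($ext_if)

pass in on $ext_if proto tcp to ($ext_if) port { 22, 80 }
pass in on $int_if from $int_if:network

# Explicit outbound rules: the first covers router-originated traffic and
# LAN traffic translated by the match rule; the second lets the router
# open connections towards the LAN.
pass out log on $ext_if
pass out on $int_if to $int_if:network

# To watch decisions live:     tcpdump -n -e -ttt -i pflog0
# To read what pflogd saved:   tcpdump -n -e -ttt -r /var/log/pflog
```

With "log" on a stateful pass rule, only the packet that creates the state is logged, so a quiet pflog0 during an established session is expected.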
Old 6th June 2011
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429
Default

Quote:
Originally Posted by jggimi View Post
if you ever want to know if PF is blocking or passing packets, you might consider logging your block (and pass) rules with the "log" option, then monitoring pflog0 with tcpdump.
That's probably the best advice anyone could give for pf troubleshooting...you can see how pf "thinks" when you take the ruleset and actually test it. Once you correlate theory and practice, the rest is easy =)
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
Old 6th June 2011
schh schh is offline
Port Guard
 
Join Date: Jun 2011
Posts: 11
Default

I'm all about learning, so I will certainly look into that... in fact, I'm gonna do it right now. I downloaded the OpenBSD official PF FAQ PDF. But I'm at my gf's house, so not really that much sympathy for me doing BSD :P But now she's asleep, so I'm gonna dive right into it.

Thanks for all the advice