OpenBSD Security: Functionally paranoid!
evdo on server: clients can ping www, but not browse
I connected my server to the internet using a Novatel U727.

Clients can ping Google, but when surfing the status stops at "waiting for google.com". It looks to me like I can send but not receive packets. Packet forwarding and filtering are enabled.

Prior to this experiment:

internet-----dc0(ext_if)------>re0(int_if)-----switch------clients

I was expecting to simply change "dc0" to "tun0" in my pf.conf, then just:

Code:
# ppp -ddial sprint ; pfctl -d ; pfctl -e

I read in the tun manpage:

Quote:
Code:
# ifconfig tun0 link0

The next sentence in man tun is:

Quote:
Code:
# ifconfig tun0 link0 ; ppp -ddial sprint

Code:
# macros
ext_if="tun0"           # Novatel U727 via Sprint
#ext_if="dc0"           # On-board card
#int_if="ral0"          # Wireless access point
int_if="re0"            # Realtek gigabit card
tcp_services="{ 22, 113 }"
icmp_types="echoreq"

# options
set block-policy return
set loginterface $ext_if
set skip on lo

# FTP proxy rules
anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp \
    rdr-to 127.0.0.1 port 8021

# match rules
match out on egress inet from !(egress) to any nat-to (egress:0)

# filter rules
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if

Code:
# grep \^net /etc/sysctl.conf
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets

Code:
default:
 set log Phase Chat LCP IPCP CCP tun command

sprint:
 set device /dev/cuaU0
 set speed 230400
 set dial "ABORT NO\\sCARRIER ABORT BUSY TIMEOUT 15 \
           \"\" ATZ OK ATQ0V1E1S0=0&C1&D2+FCLASS=0 OK \
           ATDT#777 CONNECT"
 set login
 set timeout 0
 enable dns
 add default HISADDR
 set ifaddr 0 0 0