DaemonForums, OpenBSD Security
#1   23rd September 2010   amorphousone
evdo on server: clients can ping www, but not browse

I connected my server to the internet using a Novatel U727.
Clients can ping Google, but when surfing the status stops at "waiting for google.com".
It looks to me like I can send but not receive packets.

Packet forwarding and filtering are enabled.

Prior to this experiment:

internet-----dc0(ext_if)------>re0(int_if)-----switch------clients

I was expecting to simply change "dc0" to "tun0" in my pf.conf, then just:
Code:
# ppp -ddial sprint ; pfctl -d ; pfctl -e
and have everything more or less work the same.

I read in the tun manpage:
Quote:
Both layer 3 and layer 2 tunneling is supported. Layer 3 tunneling is
the default mode; to enable layer 2 tunneling mode the link0 flag needs
to be set with ifconfig(8), or by setting up a hostname.if(5) configuration
file for netstart(8). In layer 2 mode the tun interface is simulating
an Ethernet network interface.
and thought maybe this was my problem, that tun0 was defaulting to a layer 3 tunnel (or is this barking up the wrong tree?), so I attempted to set a link0 flag a la:
Code:
# ifconfig tun0 link0
but then ifconfig tun0 shows the connection's been dropped (NO CARRIER).
The next sentence in man tun is:
Quote:
...Note that setting or unsetting the link0 flag causes tun to
lose any configuration settings, and that it is not advisable to use the
flag with any other parameters.
but I thought I was following this advice. Is the order of operation backwards? Should it be:
Code:
# ifconfig tun0 link0 ;  ppp -ddial sprint
My pf.conf is 99% from the FAQ SOHO example:
Code:
# macros

ext_if="tun0" # Novatel U727 via Sprint
#ext_if="dc0" # On-board card
#int_if="ral0" # Wireless access point
int_if="re0" # Realtek gigabit card
tcp_services="{ 22, 113 }"
icmp_types="echoreq"

# options

set block-policy return
set loginterface $ext_if
set skip on lo

# FTP proxy rules

anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp \
rdr-to 127.0.0.1 port 8021

# match rules

match out on egress inet from !(egress) to any nat-to (egress:0)

# filter rules

block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on egress inet proto tcp from any to (egress) \
port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if
Packet forwarding is on:
Code:
# grep \^net /etc/sysctl.conf  
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
ppp.conf:
Code:
default:
    set log Phase Chat LCP IPCP CCP tun command

sprint:
    set device /dev/cuaU0
    set speed 230400
    set dial "ABORT NO\\sCARRIER ABORT BUSY TIMEOUT 15 \
\"\" ATZ OK ATQ0V1E1S0=0&C1&D2+FCLASS=0 OK \
ATDT#777 CONNECT"
    set login
    set timeout 0
    enable dns
    add default HISADDR
    set ifaddr 0 0 0
Any advice?
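Editor's added example, not the original poster's file and not something the thread confirms: the same SOHO ruleset carried over to the PPP link, with the one addition a practitioner tries first when ping gets through but TCP connections stall. A PPP tunnel's MTU is below Ethernet's 1500 bytes, and if ICMP "fragmentation needed" replies are dropped somewhere upstream, small pings pass while the full-size segments a web server sends back never arrive, which looks exactly like "can send but not receive". Clamping the TCP MSS on the tunnel interface removes the dependence on that ICMP. The 1440 figure is an assumption; read the real MTU from `ifconfig tun0` and use at most MTU minus 40 (IPv4 plus TCP headers). Two checks around the file itself: `pfctl -d; pfctl -e` only disables and re-enables the ruleset already in the kernel, it does not read the edited pf.conf, so load it with `pfctl -f /etc/pf.conf`; and every NAT and pass rule keys on the egress group, which tun0 joins only once ppp(8) has installed the default route, so `ifconfig egress` should list tun0, and only tun0, after the link is up. On the link0 question: ppp(8) drives tun in its default layer-3 point-to-point mode; link0 switches the interface to Ethernet emulation and, as the man page says, discards its configuration, which matches the NO CARRIER seen, so leave link0 unset. The syntax is the OpenBSD 4.7 match/scrub form already used by the posted file.

```pf
# Added example (not the original poster's file): the SOHO ruleset on a
# PPP tunnel plus MSS clamping.  Values marked ASSUMED are not from the
# thread; check them against the running system.

ext_if="tun0"               # PPP link brought up by ppp(8)
int_if="re0"                # LAN side
tcp_services="{ 22, 113 }"  # reachable from the carrier network; drop 113
                            # and restrict 22 by source if not needed
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set skip on lo

# ASSUMED cause to test: clamp the MSS of every TCP connection crossing
# the tunnel so full-size segments fit the PPP MTU without relying on
# ICMP "fragmentation needed" getting through.  1440 is a conservative
# default; use the MTU shown by "ifconfig tun0" minus 40 at most.
match on $ext_if scrub (max-mss 1440)

anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp \
    rdr-to 127.0.0.1 port 8021

# NAT keyed on the egress group, exactly as in the posted file.  tun0 is
# in egress only while it carries the default route (ppp.conf's
# "add default HISADDR"); confirm with "ifconfig egress".
match out on egress inet from !(egress) to any nat-to (egress:0)

block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if
```

Load it with `pfctl -f /etc/pf.conf` (then `pfctl -sr` to confirm the scrub rule is in the kernel), have a client open a page, and watch `pfctl -vss` for the state to port 80: packets counted outbound with nothing inbound is the MSS/MTU signature. `tcpdump -ni tun0 tcp port 80` on the server shows the same thing on the wire, and if the outbound SYN already carries the clamped MSS the rule is doing its job.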
#2   23rd September 2010   ocicat (Administrator)

Quote:
Originally Posted by amorphousone
Any advice?
dmesg(8) output?
#3   24th September 2010   amorphousone

Doh, sorry, I forgot to mention that the server is PowerPC, which can make a big difference sometimes.

Code:
OpenBSD 4.7 (GENERIC) #281: Wed Mar 17 22:34:31 MDT 2010
/compile/GENERIC
real mem = 1073741824 (1024MB)
avail mem = 1037021184 (988MB)
mainbus0 at root: model PowerMac3,1
cpu0 at mainbus0: 7400 (Revision 0x207): 450 MHz: 1MB backside cache
mem0 at mainbus0
spdmem0 at mem0: 256MB SDRAM non-parity PC133CL2
spdmem1 at mem0: 256MB SDRAM non-parity PC133CL2
spdmem2 at mem0: 256MB SDRAM non-parity PC133CL2
spdmem3 at mem0: 256MB SDRAM non-parity PC133CL2
memc0 at mainbus0: uni-n
kiic0 at memc0 offset 0xf8001000: cannot get i2c-rate
mpcpcibr0 at mainbus0 pci: uni-north, Revision 0xff
pci0 at mpcpcibr0 bus 0
pchb0 at pci0 dev 11 function 0 "Apple Uni-N AGP" rev 0x00
vgafb0 at pci0 dev 16 function 0 "ATI Rage Magnum" rev 0x00, mmio
wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation)
mpcpcibr1 at mainbus0 pci: uni-north, Revision 0xff
pci1 at mpcpcibr1 bus 0
pchb1 at pci1 dev 11 function 0 "Apple Uni-N" rev 0x00
ppb0 at pci1 dev 13 function 0 "DEC 21154 PCI-PCI" rev 0x05
pci2 at ppb0 bus 1
ohci0 at pci2 dev 2 function 0 "NEC USB" rev 0x41: irq 52, version 1.0
ohci1 at pci2 dev 2 function 1 "NEC USB" rev 0x41: irq 52, version 1.0
ehci0 at pci2 dev 2 function 2 "NEC USB" rev 0x02: irq 52
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "NEC EHCI root hub" rev 2.00/1.00 addr 1
re0 at pci2 dev 4 function 0 "Linksys EG1032" rev 0x10: RTL8110S (0x0400), irq 54, address 00:22:6b:bf:4a:40
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 0
macobio0 at pci2 dev 7 function 0 "Apple Keylargo" rev 0x02
openpic0 at macobio0 offset 0x40000: version 0x4614 little endian
macgpio0 at macobio0 offset 0x50
macgpio1 at macgpio0 irq 47
"programmer-switch" at macgpio0 not configured
"escc-legacy" at macobio0 offset 0x12000 not configured
zsc0 at macobio0 offset 0x13000: irq 22,50
zstty0 at zsc0 channel 0
zstty1 at zsc0 channel 1
awacs0 at macobio0 offset 0x14000: irq 24,9,10 headphones
audio0 at awacs0
"timer" at macobio0 offset 0x15000 not configured
adb0 at macobio0 offset 0x16000 irq 25: via-pmu, 0 targets
apm0 at adb0: battery flags 0x1, 0% charged
kiic1 at macobio0 offset 0x18000
iic0 at kiic1
wdc0 at macobio0 offset 0x1f000 irq 19: DMA
wd0 at wdc0 channel 0 drive 0: <ST340014A>
wd0: 16-sector PIO, LBA48, 38166MB, 78165360 sectors
wd1 at wdc0 channel 0 drive 1: <WDC WD1200JB-00GVA0>
wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors
wd0(wdc0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
wd1(wdc0:0:1): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
wdc1 at macobio0 offset 0x20000 irq 20: DMA
atapiscsi0 at wdc1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <MATSHITA, DVD-ROM SR-8584A, s15C> ATAPI 5/cdrom removable
cd0(wdc1:0:0): using BIOS timings, DMA mode 2
wdc2 at macobio0 offset 0x21000 irq 21: DMA
ohci2 at pci2 dev 8 function 0 "Apple USB" rev 0x00: irq 27, version 1.0
ohci3 at pci2 dev 9 function 0 "Apple USB" rev 0x00: irq 28, version 1.0
"TI TSB12LV23 FireWire" rev 0x00 at pci2 dev 10 function 0 not configured
dc0 at pci2 dev 11 function 0 "DEC 21142/3" rev 0x41: irq 58, address 00:0a:27:94:27:28
bmtphy0 at dc0 phy 0: BCM5201 10/100 PHY, rev. 2
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "NEC OHCI root hub" rev 1.00/1.00 addr 1
usb2 at ohci1: USB revision 1.0
uhub2 at usb2 "NEC OHCI root hub" rev 1.00/1.00 addr 1
usb3 at ohci2: USB revision 1.0
uhub3 at usb3 "Apple OHCI root hub" rev 1.00/1.00 addr 1
usb4 at ohci3: USB revision 1.0
uhub4 at usb4 "Apple OHCI root hub" rev 1.00/1.00 addr 1
mpcpcibr2 at mainbus0 pci: uni-north, Revision 0x14
pci3 at mpcpcibr2 bus 0
pchb2 at pci3 dev 11 function 0 "Apple Uni-N Eth" rev 0x00
gem0 at pci3 dev 15 function 0 "Apple Uni-N GMAC" rev 0x00: couldn't map interrupt
uhub5 at uhub4 port 1 "Dell Dell USB Keyboard Hub" rev 1.10/1.00 addr 2
uhidev0 at uhub5 port 1 configuration 1 interface 0 "Dell Dell USB Keyboard Hub" rev 1.10/1.00 addr 3
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub5 port 1 configuration 1 interface 1 "Dell Dell USB Keyboard Hub" rev 1.10/1.00 addr 3
uhidev1: iclass 3/0, 3 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
uhid2 at uhidev1 reportid 3: input=3, output=0, feature=0
uhidev2 at uhub5 port 3 configuration 1 interface 0 "Microsoft Microsoft 5-Button Mouse with IntelliEye(TM)" rev 1.10/3.00 addr 4
uhidev2: iclass 3/1
ums0 at uhidev2: 5 buttons, Z dir
wsmouse0 at ums0 mux 0
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
bootpath: /pci@f2000000/@d/mac-io@7/ata-4@1f000/disk@0:/bsd
root on wd0a swap on wd0b dump on wd0b
ukbd0: was console keyboard
wskbd0 detached
ukbd0 detached
uhidev0 detached
uhid0 detached
uhid1 detached
uhid2 detached
uhidev1 detached
wsmouse0 detached
ums0 detached
uhidev2 detached
uhub5 detached
re0: watchdog timeout
umsm0 at uhub3 port 1 configuration 1 interface 0 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
umsm0 detached
umsm0 at uhub3 port 1 configuration 1 interface 0 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
ucom0 at umsm0
umsm1 at uhub3 port 1 configuration 1 interface 1 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
ucom1 at umsm1
umsm2 at uhub3 port 1 configuration 1 interface 2 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
ucom2 at umsm2
umsm3 at uhub3 port 1 configuration 1 interface 3 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2
ucom3 at umsm3
umsm4 at uhub3 port 1 configuration 1 interface 4 "Novatel Wireless Inc. Novatel Wireless CDMA" rev 1.10/0.00 addr 2