DaemonForums  

#1
15th July 2011
CyberJet
Real Name: Ramon
BSD Student
Join Date: Feb 2009
Location: Miami FL
Posts: 98
Thanked 0 Times in 0 Posts

Using Multiple ISPs on OBSD 4.9

Greetings to all!

I have read the FAQ PF: Address Pools and Load Balance in an effort to understand what I must do to get Ultra1 to use multiple ISPs for failover/balancing. So far it is a no go.

I tried to follow the same example to make it easier.

Code:
    AT&T                      Covad
 2701HGV-B                  Zyxel 600
     |                          |
     |                          |
    adj.                       adj.
   router                     router
80.0.0.254                 22.0.0.254
     |                          |
     |                          |
-----|--------------------------|-----
|   hme0                       hme1  |
| 80.0.0.1                  22.0.0.1 |
|               Ultra1               |
|          gateway/firewall          |
|                                    |
|                hme2                |
|            192.168.0.1             |
------------------|-------------------
                  |
                  |
            internal lan

I am able to access the net from the firewall but unable to surf the net from a Windows test machine set up to hit 192.168.0.1 as its gateway. The PC is able to ping its IP and its default gateway 192.168.0.1. The firewall is not able to ping the test machine.

I have enabled routing and set up the PF rules as in the example given in the OpenBSD FAQ on load balancing outgoing traffic.

Do I need to add static routes to the hme2 interface? I'm sure you can tell of my limited knowledge on the subject. Please advise if I need to provide more info. Your assistance and help is greatly appreciated.

Once this issue is resolved how can I test if the traffic is flowing between interfaces?

Thank you in advance.

#2
15th July 2011
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 338
Thanked 9 Times in 9 Posts

What's the output of "sysctl net.inet.ip.forwarding"?

Sounds like you aren't set up to allow forwarding.
__________________
Linux Admin by Profession. OpenBSD user by choice.

#3
15th July 2011
CyberJet

net.inet.ip.forwarding=1

I set this up in the sysctl.conf.

#4
15th July 2011
jggimi
More noise than signal
Join Date: May 2008
Location: USA
Posts: 3,891
Thanked 214 Times in 189 Posts

  1. The ASCII picture is helpful, but until we see how you provisioned -- your applicable config files -- we will not be able to help, except by guessing.
  2. You can watch packets flow, or not, with tcpdump(8). You should use it with each physical interface -- both external and the single internal -- to check to see if packets are exiting, and if responses are received.
  3. If PF is enabled, be sure to add logging to all your block rules, and for more enlightenment, your pass rules as well, and use tcpdump with the pflog0 interface also. You may discover your root cause is your PF configuration.
Avoid using publicly accessible IP addresses in your public posts, to limit exposing configuration flaws to attack.
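
The checks from post #4, as an added example that is not part of any post in this thread: tcpdump wrappers for the three physical interfaces and pflog0, plus a summarizer for logged packets. The function names, the `log` rules shown in the comments and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. hme0/hme1/hme2 are the interfaces in
# the diagram in post #1. For pflog0 to show anything, the PF rules need the
# "log" keyword, e.g. (assumed rules):  block log all
#                                       pass in log on hme2

# Live capture on one interface; run as root, once per interface
# (hme0, hme1, hme2) to see whether LAN packets leave and replies return.
watch_iface() {
    tcpdump -n -i "$1" "${2:-ip}"
}

# Live view of PF's log; -e prints rule number, action and interface.
watch_pflog() {
    tcpdump -n -e -ttt -i pflog0
}

# Read pflog0 text on stdin and print "count action dir interface rule=N",
# most frequent first, so the rule dropping the LAN traffic stands out.
summarize_pflog() {
    awk '{
        for (i = 1; i + 5 <= NF; i++)
            if ($i == "rule" && $(i + 4) == "on") {
                split($(i + 1), r, "/")          # "0/(match)" -> "0"
                ifn = $(i + 5); sub(/:$/, "", ifn)
                n[$(i + 2) " " $(i + 3) " " ifn " rule=" r[1]]++
                break
            }
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output.
sample_pflog() {
    cat <<'EOF'
Jul 15 20:01:02.100001 rule 0/(match) block in on hme2: 192.168.0.10.1041 > 198.51.100.7.80: S 1:1(0) win 65535
Jul 15 20:01:05.100002 rule 0/(match) block in on hme2: 192.168.0.10.1041 > 198.51.100.7.80: S 1:1(0) win 65535
Jul 15 20:01:06.100003 rule 3/(match) pass in on hme2: 192.168.0.10.1042 > 203.0.113.9.53: 1+ A? example.org. (29)
Jul 15 20:01:06.100004 rule 5/(match) pass out on hme0: 192.0.2.1.50123 > 203.0.113.9.53: 1+ A? example.org. (29)
Jul 15 20:01:11.100005 rule 0/(match) block in on hme2: 192.168.0.10.1041 > 198.51.100.7.80: S 1:1(0) win 65535
EOF
}

# Offline demo: summarise the sample instead of a live capture.
sample_pflog | summarize_pflog
```

On the firewall, feed it a saved log instead of the sample, for example `tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog`.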

#5
15th July 2011
CyberJet

I'll start working on getting the info.

Thanks for your response jggimi.

#6
15th July 2011
rocket357

Quote:
> Originally Posted by CyberJet
> net.inet.ip.forwarding=1
>
> I set this up in the sysctl.conf.

That's all fine and dandy...that means the setting will take effect *when you reboot*. What is the output of "sysctl net.inet.ip.forwarding" as it is right now?

#7
15th July 2011
CyberJet

I tried the command:

"sysctl net.inet.ip.forwarding" but it displayed an error (I typed the command from the $ prompt as: sysctl net.inet.ip.forwarding). I rebooted the machine and it displays:

sysctl net.inet.ip.forwarding 0 > 1

I don't have access to the machine right this minute since I'm at work and have not set it up for remote access.

Thank you rocket357!

#8
15th July 2011
CyberJet

rocket357 you say:

Quote:
> That's all fine and dandy...that means the setting will take effect *when you reboot*. What is the output of "sysctl net.inet.ip.forwarding" as it is right now?

You are correct about that. I just logged in and issued the requested command:

# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1

Thank you