Hello all,

I finally got my "new" server online; I still have to disable inteldrm to get it to boot, though.

Ran into two issues upon initial bootup:

1. DHCPD failed to start; trying to troubleshoot that one.

2. I have a fully working pf.conf file on my current server. I copied it over to my new server and made a few corrections since the interfaces are different, but that's about it. The problem is this: the new router boots up, dhclient goes and gets a lease, and I have an IP address. I can ping external to the box and also can do a wget and download a file, so I know the box is online. My internal network, though, can't see a thing past the external interface; it can't ping or resolve anything. The resolv.conf files look OK (they match the old box's files). My thinking is that for some reason pf doesn't like my current config file. Both boxes are fully patched 6.3 versions. One is 32-bit, the other is 64-bit.

On the new router, re0 is the external interface and re1 is the internal interface. I'm assuming that with DHCPD enabled, it would monitor the internal interface for DHCP requests from my internal machines. If the internal interface was having a problem initializing, would that prevent dhcpd from starting up? I'm wondering if both interfaces can be enabled at the same time. They SHOULD be able to, but with this motherboard, who knows...

I'm posting my pf.conf file; other suggestions that could help me narrow the scope of the problem are appreciated.

#       $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

int_if = "re0"
www_ad =  "192.168.1.99"
icmp_types="echoreq"
NoRouteIPs = "{127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8}"

set block-policy return
set loginterface egress
set skip on lo

#Protection
antispoof quick for { lo $int_if }
block in quick on egress from $NoRouteIPs to any
block out quick on egress from any to $NoRouteIPs

#filter rules and anchor for ftp-proxy
anchor "ftp-proxy/*"

#rule needed to redirect ftp connection for ftp-proxy
pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021

#match rules
match out on egress inet from !(egress) to any nat-to (egress:0)

block in log
pass out quick

#next rule passes http-https traffic to the web/email server
pass in on egress inet proto tcp from any to (egress) port {80 443} rdr-to $www_ad synproxy state

#traceroute rule (for IPv4)
pass out on egress inet proto udp to port 33433:33626

#next rule redirects smtp traffic to the email server
pass in on egress inet proto tcp from any to (egress) port 25 rdr-to $www_ad

#pass in certain types of ICMP traffic
pass in inet proto icmp all icmp-type $icmp_types


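A corrected rule set for the interface layout described in the post (re0 external, re1 internal), added here as an example and not the poster's own file: the posted macro names re0 as $int_if while the text says re0 is the external interface, and no rule passes traffic in on the internal interface, so "block in log" catches everything arriving from the LAN. The LAN prefix 192.168.1.0/24 is an assumption taken from the $www_ad address; set it to whatever dhcpd.conf hands out.

```pf
# Added example, not the posted file: macros follow the layout described in
# the post (re0 = egress/external, re1 = internal). $lan_net is an assumption
# derived from $www_ad; adjust it to the prefix dhcpd hands out on re1.
int_if  = "re1"                 # internal LAN, where dhcpd listens
lan_net = "192.168.1.0/24"      # assumed LAN prefix
www_ad  = "192.168.1.99"
icmp_types = "echoreq"
NoRouteIPs = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

set block-policy return
set loginterface egress
set skip on lo

# Protection: antispoof on the LAN interface, as the macro name intended,
# plus the bogon filters on the external (egress) side
antispoof quick for { lo $int_if }
block in quick on egress from $NoRouteIPs to any
block out quick on egress from any to $NoRouteIPs

# ftp-proxy anchor and redirect, unchanged from the post
anchor "ftp-proxy/*"
pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021

# NAT for LAN traffic leaving on the external interface
match out on egress inet from !(egress) to any nat-to (egress:0)

block in log
pass out quick

# The rule the posted file lacks: admit LAN hosts on the internal interface,
# otherwise "block in log" drops their DNS queries and forwarded traffic
pass in on $int_if inet from $lan_net to any

# Inbound services on the external side, unchanged from the post
pass in on egress inet proto tcp from any to (egress) port { 80, 443 } rdr-to $www_ad synproxy state
pass out on egress inet proto udp to port 33433:33626
pass in on egress inet proto tcp from any to (egress) port 25 rdr-to $www_ad
pass in inet proto icmp all icmp-type $icmp_types
```

Check net.inet.ip.forwarding with sysctl(8) as well: a fresh install ships with it set to 0, and no rule set will route LAN traffic until it is 1. `pfctl -nf /etc/pf.conf` parses the file without loading it, and `tcpdump -n -e -ttt -i pflog0` shows exactly which packets `block in log` is dropping.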