Hello Everyone;

# ifconfig -A
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 00:50:bf:3a:2e:66
       groups: egress
       media: Ethernet autoselect (100baseTX full-duplex)
       status: active
       inet6 fe80::250:bfff:fe3a:2e66%rl0 prefixlen 64 scopeid 0x1
       inet 64.142.102.8 netmask 0xffffff00 broadcast 64.142.102.255
       inet 64.142.102.9 netmask 0xffffff00 broadcast 64.142.102.255
       inet 64.142.102.10 netmask 0xffffff00 broadcast 64.142.102.255
       inet 64.142.102.11 netmask 0xffffff00 broadcast 64.142.102.255
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 00:13:46:30:0b:b2
       media: Ethernet autoselect (100baseTX full-duplex)
       status: active
       inet6 fe80::213:46ff:fe30:bb2%rl1 prefixlen 64 scopeid 0x2
       inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 00:19:5b:3d:12:12
       media: Ethernet autoselect (100baseTX full-duplex)
       status: active
       inet6 fe80::219:5bff:fe3d:1212%vr0 prefixlen 64 scopeid 0x3
       inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255

# cat /etc/pf.conf
#       $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
#
# Ruleset for a three-interface firewall. Going by the addresses in the
# macros below: rl0 carries the public 64.142.102.x addresses, rl1 is the
# DMZ (192.168.1.0/24) and vr0 is the internal LAN (192.168.0.0/24).
#
# Evaluation order matters throughout this file:
#   - nat/rdr/binat rules: the FIRST matching rule is used.
#   - block/pass rules: the LAST matching rule wins, unless it says "quick".
#   - translation happens before filtering, so filter rules see the
#     translated (private) addresses.

#Macros

# 192.168.0.1 subnet
ext_ip="64.142.102.8"
int_ip="192.168.0.1"
int_block="192.168.0.0/24"
#DMZ subnet
#Interface
dmz_ip="192.168.1.1"
dmz_block="192.168.1.0/24"
#DNS 1
scarlett="192.168.1.2"
pub_scarlett="64.142.102.9"
#DNS 2
shelly="192.168.1.3"
pub_shelly="64.142.102.10"
#WWW 1
www_ip="192.168.1.4"
pub_www="64.142.102.11"
#DMZ Services
# NOTE(review): $services is not referenced by any rule in this file, and the
# list ends with a stray comma that should go if the macro is ever used.
services="{ domain, www, smtp, }"
#Normalizing
scrub in all

#NAT and Binat
# LAN hosts share $ext_ip; each DMZ server gets a one-to-one mapping to its
# own public address. binat leaves port numbers unchanged.
nat on rl0 from $int_block to any -> $ext_ip
binat on rl0 from $scarlett to any -> $pub_scarlett
binat on rl0 from $shelly to any -> $pub_shelly
binat on rl0 from $www_ip to any -> $pub_www

#Redirection
# rdr acts on packets ARRIVING on the named interface. rl1 is the DMZ side,
# so these rules only affect traffic coming from DMZ hosts; Internet clients
# arrive on rl0 and are handled by the binat rules above.
# NOTE(review): this rule rewrites the port to 8000, while the binat path and
# every filter rule below use port 80 -- confirm which port the web server
# actually listens on.
rdr on rl1 proto tcp from any to 64.142.102.11 port 80 -> $www_ip port 8000
# Both DNS rules match exactly the same packets; because the first matching
# translation rule is used, the second one never takes effect.
# NOTE(review): "from any to any" also matches queries the DNS servers
# themselves send outward through rl1 -- confirm that is intended.
rdr on rl1 proto udp from any to any port domain -> $shelly
rdr on rl1 proto udp from any to any port domain -> $scarlett

#Default block policy
# NOTE(review): without "log" on this rule, packets dropped by the default
# policy never appear on pflog0, which makes a missing pass rule hard to spot.
block all

#Anti-spoofing
# "quick" makes this final: packets failing the reverse-path check are
# dropped regardless of any pass rule further down.
block in quick from urpf-failed

#vr0 traffic
# LAN clients: outbound TCP to ports 6112 and 80, SMTP to a single host, and
# all UDP and ICMP to any destination (this includes the DMZ).
pass in on vr0 proto tcp from $int_block to any port 6112
pass in on vr0 proto tcp from $int_block to any port 80
pass in on vr0 proto tcp from $int_block to 207.212.58.16 port 25
pass in on vr0 proto { udp, icmp } from $int_block to any

#rl1 traffic
# NOTE(review): a connection from the Internet to a DMZ server enters on rl0
# and must then be passed OUT on rl1 with the server as DESTINATION. The
# "pass out" rules below match the servers as SOURCE instead, so forwarded
# inbound HTTP and DNS appear to fall through to "block all". The "pass in"
# rules cover DMZ hosts talking to DMZ servers, which normally does not cross
# the firewall at all (other than via the rdr rules above).
# Confirm against the loaded ruleset (pfctl -sr) and the pflog0 log.
pass in log on rl1 proto tcp from $dmz_block to $www_ip port 80
pass in log on rl1 proto udp from $dmz_block to $shelly port domain
pass in log on rl1 proto udp from $dmz_block to $scarlett port domain
pass out on rl1 proto tcp from $www_ip to any port 80
pass out on rl1 proto udp from $shelly to any port domain
pass out on rl1 proto udp from $scarlett to any port domain

#rl0 traffic
# NOTE(review): the first rule admits every inbound TCP and UDP packet on the
# external interface, to any address and port -- including anything listening
# on the firewall itself. The three logged rules at the end therefore only
# add logging; they do not restrict what gets in. Dropping the broad
# "pass in ... all" would leave just the listed services admitted.
pass in on rl0 inet proto { tcp, udp } all modulate state
pass out on rl0 proto { tcp, udp, icmp } all modulate state
# Destinations are the private addresses because binat has already rewritten
# the public address by the time these rules are evaluated.
pass in log on rl0 proto tcp from any to $www_ip port 80
pass in log on rl0 proto udp from any to $shelly port domain
pass in log on rl0 proto udp from any to $scarlett port domain

#dmesg
OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 931 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 401108992 (391708K)
avail mem = 357941248 (349552K)
using 4278 buffers containing 20180992 bytes (19708K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 10/14/00, BIOS32 rev. 0 @ 0xfd8a0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd8a0/0x760
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf50/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xa000
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82810E" rev 0x03: rng active, 7Kb/sec
vga1 at pci0 dev 1 function 0 "Intel 82810E Graphics" rev 0x03: aperture at 0xf8000000, size 0x4000000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801AA Hub-to-PCI" rev 0x02
pci1 at ppb0 bus 1
rl0 at pci1 dev 11 function 0 "Realtek 8139" rev 0x10: irq 5, address 00:50:bf:3a:2e:66
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci1 dev 13 function 0 "D-Link Systems 530TX+" rev 0x10: irq 9, address 00:13:46:30:0b:b2
rlphy1 at rl1 phy 0: RTL internal PHY
vr0 at pci1 dev 14 function 0 "VIA VT6105 RhineIII" rev 0x86: irq 10, address 00:19:5b:3d:12:12
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 4: OUI 0x004063, model 0x0034
ichpcib0 at pci0 dev 31 function 0 "Intel 82801AA LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801AA IDE" rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD100EB-11BHF0>
wd0: 16-sector PIO, LBA, 9541MB, 19541088 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <SONY, CD-RW CRX320EE, RYK4> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 31 function 2 "Intel 82801AA USB" rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ichiic0 at pci0 dev 31 function 3 "Intel 82801AA SMBus" rev 0x02: irq 9
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x290/8: IT87
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask fb45 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

So, I'm trying to get my WWW server (public: 64.142.102.11; private: 192.168.1.4) to answer requests from the Internet. Each time I try to access the public address via Firefox, the browser claims it does not exist.

Any input is greatly appreciated.

Thank you;
Bray.
