My home network. Firewall is OpenBSD (4.3). DSL setup with PPPoE (in kernel):

cat /etc/hostname.pppoe0

inet 0.0.0.0 255.255.255.255 NONE \
         pppoedev dc0 authproto pap \
         authname '[EMAIL PROTECTED]' authkey 'password' up
!/sbin/route add default



Here is my /etc/pf.conf for this network (HOME). Very simple: block everything coming in and allow everything to go out from my internal network.


#       $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="dc0"
int_if="fxp0"
loopback="lo0"
pppoe_if="pppoe0"

#table <spamd-white> persist

set skip on lo
# pf tracks statistics for a single loginterface; each later
# "set loginterface" replaces the previous one, so only the last
# (here $loopback) is actually in effect
set loginterface $ext_if
set loginterface $int_if
set loginterface $pppoe_if
set loginterface $loopback
scrub in all max-mss 1440

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# nat on $pppoe_if from 172.16.200.0/24 -> $pppoe_if
nat on $pppoe_if from !($pppoe_if) to any -> ($pppoe_if)
block in log on $pppoe_if

pass out keep state


Here is my Lab network: set up on a static DSL connection with 5 static IPs.
I am using one for webserving: 75.44.224.2.

my /etc/hostname.sk0 looks like:

inet 75.44.229.1 255.255.255.248 NONE
alias 75.44.229.2 255.255.255.248

I also have a laptop behind this firewall on the internal network, used for browsing etc.


##### MACROS ####
ext_if="sk0"
int_if="gem0"

external_ip="75.44.229.1"
external_net="{75.44.229.17 75.44.229.18 75.44.229.19 75.44.229.20}"

internal_ip="172.16.10.10"


webserver_ip="75.44.224.2"
webserver_int="172.16.10.11"


#### OPTIONS #####
# only one loginterface is kept by pf; the second "set" replaces the first
set loginterface $ext_if
set loginterface $int_if
scrub in

#### NAT/REDIRECTS ####

nat on $ext_if from !($ext_if) to any -> ($ext_if:0)

# forward inbound HTTP for the public webserver address ($webserver_ip,
# defined in the MACROS section) to the internal webserver
rdr pass on $ext_if proto tcp from any to $webserver_ip port 80 -> $webserver_int port 80


###### FILTERS #####

block in log on $ext_if

pass in on $ext_if proto tcp from any to $webserver_ip port 80 keep state
pass out keep state


MY PROBLEM: Whenever I am on my home network and I try to reach the webserver on my lab network, I don't get anything. Whenever I try to hit the webserver from my work network or several other networks, I can access the webserver fine. It's only from my home network that I cannot access the site on my webserver. Any other sites from the home network work totally fine.

Can anyone see what's wrong with my configs?

For troubleshooting this issue, I captured traffic on my webserver and saw that requests from my home network DO ARRIVE at the webserver and the webserver duly sends the data back, BUT that data never arrives on the home network.

If I try to hit any website from my webserver, I can reach it fine.

This is really weird. I would really appreciate any help. I have tried almost everything to get this going.

Thanks
/Parvinder Bhasin
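As an added example (not from the original post and not part of pf or OpenBSD), here is a small Python checker that performs the two static checks a reviewer would apply to a posted pf.conf before loading it with pfctl: every `$macro` reference must have been defined earlier in the file (pfctl refuses to load a ruleset that references an undefined macro), and single-valued `set` options such as `set loginterface` should appear only once, because a later `set` replaces the earlier value instead of adding a second interface. It also reports macros that are defined but never used, which often hints at a renamed macro. The ruleset embedded in the block is constructed for this example and uses documentation addresses; the macro names, the `Finding` type and the `lint_pf_conf` function are assumptions made here.

```python
"""Static sanity checks for a pf.conf ruleset (added example, not pf's own code).

Checks performed:
  * a $macro reference that was never defined (pfctl rejects the file)
  * a single-valued 'set' option given twice (the later one silently wins)
  * a macro that is defined but never referenced (possible rename/typo)
"""
import re
from typing import Iterator, List, NamedTuple, Tuple

MACRO_DEF = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(".*"|\S+)\s*$')
MACRO_REF = re.compile(r'\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?')

# pf.conf(5) options that hold exactly one value: repeating them does not
# accumulate, it overrides (assumption: this list is intentionally short).
SINGLE_VALUED_SET = ("loginterface", "optimization", "block-policy", "state-policy")


class Finding(NamedTuple):
    line: int      # first physical line of the logical line concerned
    message: str


def _strip_comment(line: str) -> str:
    """Drop a trailing '#' comment, ignoring '#' inside quoted strings."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in ('"', "'"):
            quote = ch
        elif ch == '#':
            return line[:i]
    return line


def logical_lines(text: str) -> Iterator[Tuple[int, str]]:
    """Yield (line_number, text) with backslash continuations joined."""
    buf: List[str] = []
    start = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw).rstrip()
        if start is None:
            start = n
        if line.endswith('\\'):
            buf.append(line[:-1])
            continue
        buf.append(line)
        joined = ' '.join(buf).strip()
        if joined:
            yield start, joined
        buf, start = [], None
    if buf:  # file ended inside a continuation
        joined = ' '.join(buf).strip()
        if joined and start is not None:
            yield start, joined


def lint_pf_conf(text: str) -> List[Finding]:
    """Return findings sorted by line number (empty list means clean)."""
    defined = {}          # macro name -> line where it was defined
    referenced = set()
    last_set = {}         # option name -> line of the last 'set'
    findings: List[Finding] = []
    for n, line in logical_lines(text):
        m = MACRO_DEF.match(line)
        body = m.group(2) if m else line   # a macro value may use earlier macros
        for ref in MACRO_REF.findall(body):
            referenced.add(ref)
            if ref not in defined:
                findings.append(Finding(n, f"macro ${ref} used but never defined"))
        if m:
            defined[m.group(1)] = n
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "set" and parts[1] in SINGLE_VALUED_SET:
            if parts[1] in last_set:
                findings.append(Finding(
                    n, f"'set {parts[1]}' repeated; value from line {last_set[parts[1]]} is overridden"))
            last_set[parts[1]] = n
    for name, n in defined.items():
        if name not in referenced:
            findings.append(Finding(n, f"macro {name} defined but never used"))
    return sorted(findings)


# Constructed sample ruleset (documentation addresses, not a real network).
SAMPLE_PF_CONF = """\
# constructed sample: one NAT gateway with a single HTTP redirect
ext_if="sk0"
int_if="gem0"
webserver_ip="192.0.2.10"
webserver_int="10.0.0.11"

set loginterface $ext_if
set loginterface $int_if
scrub in

nat on $ext_if from !($ext_if) to any -> ($ext_if:0)
rdr pass on $ext_if proto tcp from any to $webserver_ext port 80 -> \\
    $webserver_int port 80

block in log on $ext_if
pass in on $ext_if proto tcp from any to $webserver_ext port 80 keep state
pass out keep state
"""

if __name__ == "__main__":
    for f in lint_pf_conf(SAMPLE_PF_CONF):
        print(f"line {f.line}: {f.message}")
```

Running the block on the embedded sample reports the unused `webserver_ip` on line 4, the overridden `set loginterface` on line 8, and the undefined `$webserver_ext` on lines 12 and 16; a ruleset with consistent macro names yields no findings. Run the real check with `pfctl -nf /etc/pf.conf` afterwards, since this script only inspects macros and `set` lines, not the rule grammar.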
