My home network. Firewall is OpenBSD (4.3). DSL setup with PPPoE (in kernel):

cat /etc/hostname.pppoe0

inet 0.0.0.0 255.255.255.255 NONE \
        pppoedev dc0 authproto pap \
        authname '[EMAIL PROTECTED]' authkey 'password' up
!/sbin/route add default

Here is my /etc/pf.conf for this network (HOME). Very simple: blocking everything and allowing everything to go out from my internal network.

# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if="dc0"
int_if="fxp0"
loopback="lo0"
pppoe_if="pppoe0"

#table <spamd-white> persist

set skip on lo
set loginterface $ext_if
set loginterface $int_if
set loginterface $pppoe_if
set loginterface $loopback

scrub in all max-mss 1440

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# nat on $pppoe_if from 172.16.200.0/24 -> $pppoe_if
nat on $pppoe_if from !($pppoe_if) to any -> ($pppoe_if)

block in log on $pppoe_if
pass out keep state

Here is my Lab network: set up on a static DSL connection with 5 static IPs. I am using one for webserving: 75.44.224.2. My /etc/hostname.sk0 looks like:

inet 75.44.229.1 255.255.255.248 NONE
alias 75.44.229.2 255.255.255.248

I also have a laptop behind this firewall on the internal network, used for browsing etc.

##### MACROS ####
ext_if="sk0"
int_if="gem0"
external_ip="75.44.229.1"
external_net="{75.44.229.17 75.44.229.18 75.44.229.19 75.44.229.20}"
internal_ip="172.16.10.10"
webserver_ext="75.44.224.2"   # referenced as $webserver_ext below (posted as webserver_ip)
webserver_int="172.16.10.11"

#### OPTIONS #####
set loginterface $ext_if
set loginterface $int_if
scrub in

#### NAT/REDIRECTS ####
nat on $ext_if from !($ext_if) to any -> ($ext_if:0)
rdr pass on $ext_if proto tcp from any to $webserver_ext port 80 -> $webserver_int port 80

###### FILTERS #####
block in log on $ext_if
pass in on $ext_if proto tcp from any to $webserver_ext port 80 keep state
pass out keep state

MY PROBLEM: Whenever I am on my home network and I try to reach the webserver on my lab network, I don't get anything. Whenever I try to hit the webserver from my work network or several other networks, I can access the webserver fine. It's only from my home network that I cannot access the site on my webserver. Any other sites from the home network work totally fine. Can you see what's wrong with my configs?

For troubleshooting this issue, I captured traffic on my webserver and saw that requests from my home network DO ARRIVE at the webserver and the webserver duly sends that data back, BUT that data never arrives on the home network. If I try to hit any website from my webserver, I can reach it fine. This is really weird; I would really appreciate any help. I have tried almost everything to get this going.

Thanks
/Parvinder Bhasin
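Added here as an editor's example, not part of the original post: a small Python checker for the lab ruleset as posted, where the webserver macro is defined as webserver_ip but referenced as $webserver_ext (pfctl refuses to load a ruleset with an undefined macro). It also lists macros that are defined but never referenced and every `set loginterface` argument; pf keeps interface statistics for one interface only, so of repeated `set loginterface` lines only the last takes effect.

```python
import re

# Lab-firewall ruleset copied from the post (macro defined as webserver_ip
# but referenced as $webserver_ext), embedded as constructed test input.
LAB_PF_CONF = """\
##### MACROS ####
ext_if="sk0"
int_if="gem0"
external_ip="75.44.229.1"
external_net="{75.44.229.17 75.44.229.18 75.44.229.19 75.44.229.20}"
internal_ip="172.16.10.10"
webserver_ip="75.44.224.2"
webserver_int="172.16.10.11"
#### OPTIONS #####
set loginterface $ext_if
set loginterface $int_if
scrub in
#### NAT/REDIRECTS ####
nat on $ext_if from !($ext_if) to any -> ($ext_if:0)
rdr pass on $ext_if proto tcp from any to $webserver_ext port 80 -> $webserver_int port 80
###### FILTERS #####
block in log on $ext_if
pass in on $ext_if proto tcp from any to $webserver_ext port 80 keep state
pass out keep state
"""

MACRO_DEF = re.compile(r'^([A-Za-z_]\w*)\s*=\s*"([^"]*)"\s*$')
MACRO_REF = re.compile(r'\$([A-Za-z_]\w*)')

def lint_pf_conf(text):
    """Return (undefined, unused, loginterfaces): macros referenced but not defined,
    macros defined but not referenced, and each 'set loginterface' argument."""
    defined, referenced, loginterfaces = set(), set(), []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()        # drop comments and banners
        if not line:
            continue
        m = MACRO_DEF.match(line)
        if m:
            defined.add(m.group(1))
            referenced.update(MACRO_REF.findall(m.group(2)))  # values may nest macros
            continue
        referenced.update(MACRO_REF.findall(line))
        if line.startswith('set loginterface'):
            loginterfaces.append(line.split()[2])
    return sorted(referenced - defined), sorted(defined - referenced), loginterfaces

if __name__ == '__main__':
    undefined, unused, logifs = lint_pf_conf(LAB_PF_CONF)
    print('undefined:', undefined, 'unused:', unused, 'loginterface:', logifs)
```

On the firewall itself, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it and reports the same undefined macro along with any other syntax error.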