My home network. Firewall is openbsd (4.3). DSL setup with PPPOE (in
kernel):
cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev dc0 authproto pap \
authname '[EMAIL PROTECTED]' authkey 'password' up
!/sbin/route add default
#
Here is my /etc/pf.conf for this network (HOME). Very simple blocking
everything and allowing everything to go out from my internal network.
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or
net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
ext_if="dc0"
int_if="fxp0"
loopback="lo0"
pppoe_if="pppoe0"
#table <spamd-white> persist
set skip on lo
set loginterface $ext_if
set loginterface $int_if
set loginterface $pppoe_if
set loginterface $loopback
scrub in all max-mss 1440
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
# nat on $pppoe_if from 172.16.200.0/24 -> $pppoe_if
nat on $pppoe_if from !($pppoe_if) to any -> ($pppoe_if)
block in log on $pppoe_if
pass out keep state
Here is my Lab network: setup on static DSL connection with 5 static
IPs:
I am using one for webserving: 75.44.224.2.
my /etc/hostname.sk0 looks like:
inet 75.44.229.1 255.255.255.248 NONE
alias 75.44.229.2 255.255.255.248
I also have a laptop behind this firewall on internal network. Used
for browsing etc.
##### MACROS ####
ext_if="sk0"
int_if="gem0"
external_ip="75.44.229.1"
external_net="{75.44.229.17 75.44.229.18 75.44.229.19 75.44.229.20}"
internal_ip="172.16.10.10"
webserver_ip="75.44.224.2"
webserver_int="172.16.10.11"
#### OPTIONS #####
set loginterface $ext_if
set loginterface $int_if
scrub in
#### NAT/REDIRECTS ####
nat on $ext_if from !($ext_if) to any -> ($ext_if:0)
rdr pass on $ext_if proto tcp from any to $webserver_ext port 80 ->
$webserver_int port 80
###### FILTERS #####
block in log on $ext_if
pass in on $ext_if proto tcp from any to $webserver_ext port 80 keep
state
pass out keep state
#
MY PROBLEM: Whenever I am on my home network and I try to reach
webserver on my lab network, I don't get anything. Whenever I try to
hit the webserver from my work network or several other networks, I
can access the webserver fine. Its only from my home network, I
cannot access the site on my webserver. Any other sites from the home
network work totally fine.
Can see what's wrong with my configs?
For troubleshooting this issue, i captured traffic on my webserver and
saw that requests from my home network DO ARRIVE at the webserver and
the webserver duely sends that data back BUT that data never arrives
on the home network.
If I try to hit any website from my webserver, I can reach it fine.
This is really weared, I would really appreciate any help. I have
tried almost everything to get this going.
Thanks
/Parvinder Bhasin
