No one can help me on this? I have just one hour to finish this 'job'.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Ricardo Augusto de Souza
Sent: Tuesday, September 23, 2008 16:21
To: misc@openbsd.org
Subject: RE: PF cannot RDR connections
I am lost. Nat is working but I can't do any single rdr. Any clue?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Ricardo Augusto de Souza
Sent: Tuesday, September 23, 2008 13:31
To: misc@openbsd.org
Subject: RE: PF cannot RDR connections

I was monitoring tcpdump -i xl0, disabled pf, and I tried to access http://10.10.100.254:81 and I saw this:

13:30:38.976708 10.10.100.254.81 > 10.10.0.135.2321: R 0:0(0) ack 1 win 0 (DF)
13:30:40.007811 802.1d RSTP config flags=7c<LEARNING,FORWARDING,AGREED> role=DESIGNATED root=8000.0:f:cb:56:80:a0 rootcost=20004 bridge=8000.0:1e:c1:27:b0:80 port=9 ifcost=128 age=2/0 max=20/0 hello=2/0 fwdelay=15/0
13:32:20.254337 10.10.100.254.81 > 10.10.0.135.2331: R 0:0(0) ack 2046899144 win 0 (DF)
13:32:20.699272 10.10.0.135.2331 > 10.10.100.254.81: S 2046899143:2046899143(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:32:20.699297 10.10.100.254.81 > 10.10.0.135.2331: R 0:0(0) ack 1 win 0 (DF)
13:32:21.181005 10.10.100.254 > 10.10.0.135: icmp: echo reply
13:32:21.202344 10.10.0.135.2331 > 10.10.100.254.81: S 2046899143:2046899143(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:32:21.202368 10.10.100.254.81 > 10.10.0.135.2331: R 0:0(0) ack 1 win 0 (DF)

Now I turned pf on and I got this:

# tcpdump -i xl0|grep 81
tcpdump: listening on xl0, link-type EN10MB
13:34:44.554439 10.10.0.135.2378 > 10.10.100.254.81: S 3759662737:3759662737(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:34:47.497787 10.10.0.135.2378 > 10.10.100.254.81: S 3759662737:3759662737(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:34:49.816656 10.10.0.48.netbios-ns > 10.10.255.255.netbios-ns: udp 50
13:34:52.226812 10.10.100.254 > 10.10.0.135: icmp: echo reply
13:34:53.434122 10.10.0.135.2378 > 10.10.100.254.81: S 3759662737:3759662737(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

Help me please folks, I need this rdr working TODAY. Thanks in advance!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Ricardo Augusto de Souza
Sent: Tuesday, September 23, 2008 11:30
To: misc@openbsd.org
Subject: PF cannot RDR connections

I used to do this easily but it's failing now.

Xl0 = 10.10.100.254
Xl1 = internet

This is my /etc/pf.conf

# external interface WAN
ext_if="xl1"
# internal interface LAN
int_if="xl0"
#set skip on lo
#scrub in
rdr on xl1 proto tcp from any to xl1 port 8101 -> 10.10.100.21 port 8101
rdr on xl0 proto tcp from any to 10.10.100.254 port 81 -> 10.10.0.2 port 80
#
# NAT
#
#nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat on $ext_if from 10.10.0.0/16 -> $ext_if
pass in all
pass out all
#pass quick on $int_if no state
#antispoof quick for { lo $int_if }

Note: I can access http://10.10.0.2
It fails when I try to access http://10.10.100.254:81

What's wrong folks?

# pfctl -sn
nat on xl1 inet from 10.10.0.0/16 to any -> 200.162.41.34
rdr on xl1 inet proto tcp from any to 200.162.41.34 port = 8101 -> 10.10.100.21 port 8101
rdr on xl0 inet proto tcp from any to 10.10.100.254 port = 81 -> 10.10.0.2 port 80
#
# dmesg
OpenBSD 4.3 (CMT) #1: Mon Sep 22 15:25:18 BRT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/CMT
cpu0: Intel(R) Pentium(R) 4 CPU 2.13GHz ("GenuineIntel" 686-class) 2.13 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR
real mem = 1072697344 (1023MB)
avail mem = 1033314304 (985MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/16/05, BIOS32 rev. 0 @ 0xfd5b6, SMBIOS rev. 2.33 @ 0x3ff77000 (46 entries)
bios0: vendor IBM version "-[KEE134AUS-1.34]-" date 06/16/2005
bios0: IBM CORPORATION -[84824RU]-
bios0: ROM list: 0xc0000/0x9000 0xc9000/0x1000 0xca000/0x1000 0xcb000/0x9c00 0xd5000/0x2000 0xd7000/0x2000 0xd9000/0x800 0xd9800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02
ppb0 at pci0 dev 3 function 0 "Intel 82875P CSA" rev 0x02
pci1 at ppb0 bus 2
em0 at pci1 dev 1 function 0 "Intel PRO/1000CT (82547GI)" rev 0x00: irq 5, address 00:11:25:7f:86:28
ppb1 at pci0 dev 28 function 0 "Intel 6300ESB PCIX" rev 0x02
pci2 at ppb1 bus 3
bge0 at pci2 dev 1 function 0 "Broadcom BCM5703 Alt" rev 0x10, BCM5703 B0 (0x1100): irq 11, address 00:10:18:16:14:1b
brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 3
bge1 at pci2 dev 2 function 0 "Broadcom BCM5703 Alt" rev 0x10, BCM5703 B0 (0x1100): irq 11, address 00:10:18:16:0e:8a
brgphy1 at bge1 phy 1: BCM5703 10/100/1000baseT PHY, rev. 3
ahd0 at pci2 dev 4 function 0 vendor "Adaptec", unknown product 0x808f rev 0x10: irq 11
ahd0: aic7901, U320 Wide Channel A, SCSI Id=7, PCI-X 50-66MHz, 512 SCBs
scsibus0 at ahd0: 16 targets
sd0 at scsibus0 targ 0 lun 0: <IBM-ESXS, VPR036W3-ETS10FN, S370> SCSI2 0/direct fixed
sd0: 34715MB, 34401 cyl, 3 head, 688 sec, 512 bytes/sec, 71096640 sec total
sd1 at scsibus0 targ 6 lun 0: <IBM-ESXS, VPR036W3-ETS10FN, S370> SCSI2 0/direct fixed
sd1: 34715MB, 34401 cyl, 3 head, 688 sec, 512 bytes/sec, 71096640 sec total
uhci0 at pci0 dev 29 function 0 "Intel 6300ESB USB" rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 6300ESB USB" rev 0x02: irq 5
"Intel 6300ESB WDT" rev 0x02 at pci0 dev 29 function 4 not configured
"Intel 6300ESB APIC" rev 0x02 at pci0 dev 29 function 5 not configured
ehci0 at pci0 dev 29 function 7 "Intel 6300ESB USB" rev 0x02: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x0a
pci3 at ppb2 bus 4
vga0 at pci3 dev 2 function 0 "ATI Radeon VE QY" rev 0x00
wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
xl0 at pci3 dev 7 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 5, address 00:0a:5e:63:7e:2e
exphy0 at xl0 phy 24: 3Com internal media interface
xl1 at pci3 dev 8 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 11, address 00:0a:5e:63:7d:72
exphy1 at xl1 phy 24: 3Com internal media interface
ichpcib0 at pci0 dev 31 function 0 "Intel 6300ESB LPC" rev 0x02: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 "Intel 6300ESB IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: <HL-DT-ST, DVD-RAM GSA-H58N, 1.01> SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 "Intel 6300ESB SATA" rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 5 for native-PCI interrupt
ichiic0 at pci0 dev 31 function 3 "Intel 6300ESB SMBus" rev 0x02: irq 5
iic0 at ichiic0
admtm0 at iic0 addr 0x2d: 47m192
adt0 at iic0 addr 0x2e: adm1027 rev 0x6a
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM ECC PC3200CL3.0
spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM ECC PC3200CL3.0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
midi0 at pcppi0: <PC speaker>
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ff65 netmask ff65 ttymask ffe7
mtrr: Pentium Pro MTRR support
softraid0 at root
ahd0: target 0 synchronous with period = 0x8, offset = 0x7f(RDSTRM|DT|IU|RTI|QAS)
ahd0: target 6 synchronous with period = 0x8, offset = 0x7f(RDSTRM|DT|IU|RTI|QAS)
root on sd0a swap on sd0b dump on sd0b
#