Re: arptables: unable to enter address, TCPDUMP

2007-02-05 Thread Aleksandar Milosevic

 > tcpdump -netttvvvSXi interfacename
 >
 > should show you something like

Here it is:

Feb 05 11:59:06.601418 0:b:6:bc:7b:e ff:ff:ff:ff:ff:ff 0806 60: arp 
who-has 192.168.0.10 tell 24.145.134.116

  : 0001 0800 0604 0001 000b 06bc 7b0e 1891  ...<{...
  0010: 8674    c0a8 000a 1102 27b6  .t..@('6
  0020: c0a8 6401 008a 00bb  2046 4445   @(d;.. FDE

Feb 05 11:59:06.601500 0:20:78:1f:0:af 0:b:6:bc:7b:e 0806 60: arp reply 
192.168.0.10 is-at 0:20:78:1f:0:af

  : 0001 0800 0604 0002 0020 781f 00af c0a8  . x../@(
  0010: 000a 000b 06bc 7b0e 1891 8674 1102 27b6  .<{t..'6
  0020: c0a8 6401 008a 00bb  2046 4445   @(d;.. FDE

 > What is currently in your hostname.* files?

hostname.dc0 (external) is just "dhcp".
hostname.fxp0 (internal) is:
inet 192.168.1.11 255.255.255.0 192.168.1.255

 > is it possible that any of your internal hosts have an address
 > on the wrong (meaning 192.168.0) subnet?

All the internal hosts are 192.168.1.*



What does 'arp -a' and 'netstat -nr -f inet' output on rock?
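The ARP reply in the dump above can be decoded by hand to check which addresses sit outside the configured subnets. This is an added example, not part of the original thread: the bytes are the first 28 bytes of the second hex dump, 192.168.1.0/24 comes from the quoted hostname.fxp0 line, and the function names are made up for illustration.

```python
import ipaddress
import struct

# First 28 bytes of the ARP reply hex dump quoted in the message above.
ARP_REPLY_HEX = ("0001 0800 0604 0002 0020 781f 00af c0a8 "
                 "000a 000b 06bc 7b0e 1891 8674")


def mac(raw):
    """Format 6 raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload (RFC 826 layout, 28 bytes)."""
    if len(payload) < 28:
        raise ValueError("ARP payload shorter than 28 bytes")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "op": {1: "request", 2: "reply"}.get(op, f"op{op}"),
        "sha": mac(payload[8:14]),                         # sender MAC
        "spa": ipaddress.IPv4Address(payload[14:18]),      # sender IP
        "tha": mac(payload[18:24]),                        # target MAC
        "tpa": ipaddress.IPv4Address(payload[24:28]),      # target IP
    }


def off_subnet(arp, local_nets):
    """Return the ARP protocol addresses that match none of local_nets."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    return [str(ip) for ip in (arp["spa"], arp["tpa"])
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    arp = parse_arp(bytes.fromhex(ARP_REPLY_HEX))
    print(arp["op"], arp["spa"], "is-at", arp["sha"], "->", arp["tpa"])
    # Only the internal subnet is known from the thread; dc0 is DHCP.
    print("outside 192.168.1.0/24:", off_subnet(arp, ["192.168.1.0/24"]))
```

Neither address in the reply belongs to the internal 192.168.1.0/24 network, which is why the outputs of `arp -a` and the routing table are the next things to look at.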



Re: nat or routing problem?

2006-12-09 Thread Aleksandar Milosevic

Let's try this. It works, but the source IP is from bge0 my external
interface (193.77.12.154).



Then use address from em1 in nat rule for bge0.

nat on bge0 inet from 192.168.1.0/24 to any -> (em1:0)

No one said that translated source address must be the same as the 
address of nat external (outside) interface.


Regards,
Aleksandar



Re: nat or routing problem?

2006-12-08 Thread Aleksandar Milosevic

Mitja wrote:

Mitja wrote:

Andreas Bihlmaier wrote:

On Thu, Dec 07, 2006 at 11:27:11PM +0100, Mitja wrote:

Hello,

I am trying to configure nat from internal network 192.168.1.0/24 to
external nat gateway address 193.189.180.193. The problem is that
packets are not passing from nat gateway to the interface 193.77.12.154
to the internet.

ISP <-> 193.77.12.154 -- hostA -- 192.168.1.1
   |
 193.189.180.193 (em1)
   |
   /27 network


More testing:
I changed my pf.conf to:

# pfctl -s all
TRANSLATION RULES:
nat on bge0 inet from 192.168.1.0/24 to any -> (bge0:0)
rdr pass on em1 inet proto tcp from any to any port = 5900 ->
192.168.1.111 port 5900

FILTER RULES:
pass in all keep state
pass out all keep state
No queue in use

Now I am doing translation from 192.168.1.0/24 to bge0 (193.77.12.154),
the closest interface to my ISP. Test:

# ping -I 192.168.1.95 209.85.129.147
PING 209.85.129.147 (209.85.129.147): 56 data bytes
64 bytes from 209.85.129.147: icmp_seq=0 ttl=242 time=45.439 ms
64 bytes from 209.85.129.147: icmp_seq=1 ttl=242 time=45.307 ms
--- 209.85.129.147 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 45.307/45.373/45.439/0.066 ms

# tcpdump -i bge0 icmp
tcpdump: listening on bge0, link-type EN10MB
14:46:10.614558 193.77.12.154 > 209.85.129.147: icmp: echo request
14:46:10.659932 209.85.129.147 > 193.77.12.154: icmp: echo reply
14:46:11.624513 193.77.12.154 > 209.85.129.147: icmp: echo request
14:46:11.669838 209.85.129.147 > 193.77.12.154: icmp: echo reply

It looks like NAT is working. The same test with changed configuration
in pf.conf to:
# pfctl -s all
TRANSLATION RULES:
nat on em1 inet from 192.168.1.0/24 to any -> (em1:0)
rdr pass on em1 inet proto tcp from any to any port = 5900 ->
192.168.1.111 port 5900

FILTER RULES:
pass in all keep state
pass out all keep state
No queue in use

The same test, with tcpdump on the last interface (bge0;193.77.12.154).

# ping -I 192.168.1.95 209.85.129.147
PING 209.85.129.147 (209.85.129.147): 56 data bytes
--- 209.85.129.147 ping statistics ---
15 packets transmitted, 0 packets received, 100.0% packet loss

# tcpdump -i bge0 icmp
tcpdump: listening on bge0, link-type EN10MB
14:49:16.377482 192.168.1.95 > 209.85.129.147: icmp: echo request
14:49:17.387437 192.168.1.95 > 209.85.129.147: icmp: echo request
14:49:18.397398 192.168.1.95 > 209.85.129.147: icmp: echo request

icmp packets are going out, but it looks like NAT is not working (it
should change my source IP address).



Maybe you should try something like this.

nat on bge0 inet from 192.168.1.0/24 to any -> (em1:0)
nat on em1 inet from 192.168.1.0/24 to any -> (em1:0)

rdr ...

It might work.

Regards,
Aleksandar



Re: OpenBSD - Vlans - CISCO

2006-12-08 Thread Aleksandar Milosevic

# ifconfig vlan0 10.0.0.1 vlan 2 vlandev rl0

# ifconfig vlan1 10.0.1.1 vlan 3 vlandev rl0

# ifconfig vlan0 10.0.2.1 vlan 4 vlandev rl0

 ^

cisco switch port is set as trunk?



Re: update automaticly

2006-10-19 Thread Aleksandar Milosevic

sonjaya wrote:

I have a script to update automatically here:
# cat /root/update_part1.sh
#!/bin/csh
cd /usr/src
setenv CVS_CLIENT_PORT -1
setenv CVSROOT [EMAIL PROTECTED]:/cvs
cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd
date > /root/update_part1.log

When I try to run that script, I get an error like this:
# sh /root/update_part1.sh


# csh /root/update_part1.sh