Re: NPF NAT Hairpinning

2016-07-04 Thread Christos Zoulas
In article ,
Ryan Brackenbury   wrote:
>Christos Zoulas  astron.com> writes:
>
>> 
>> ext_if= your external interface
>> internalwww= the ip address of the internal web server
>> 
>> map $ext_if dynamic $internalwww port 80 <- inet4($ext_if) port 80
>> 
>> 
>
>I had this in my setup already, actually. I played around with testing 
>inet4($ext_if) vs. just $ext_if, both without success. My npf.conf is based 
>off of the soho example in /usr/share/examples/npf/, so I don't think I'm 
>doing anything bizarre that would alter the nat behaviour.

You need to put explicit pass rules to allow that traffic too. Also use
npflog to see what's going on and tcpdump. I know that works; I use it
for a minecraft server and an xbox one.

christos
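
The map rule from this thread, placed in a ruleset with the explicit pass rules and npflog logging the reply mentions. This is an added example, not configuration posted by anyone in the thread; the interface names, addresses, and the group layout (modelled on the soho example) are assumptions, and it shows where the rules and logging go rather than a confirmed hairpinning fix.

```conf
# Constructed values: adjust to the real interfaces and addresses.
$ext_if = "wm0"              # assumed external interface
$int_if = "wm1"              # assumed internal interface
$internalwww = 10.1.1.2      # assumed address of the internal web server
$localnet = 10.1.1.0/24      # assumed internal network

# Outbound NAT for the internal network.
map $ext_if dynamic $localnet -> inet4($ext_if)
# Port forward from the thread: external address port 80 to the web server.
map $ext_if dynamic $internalwww port 80 <- inet4($ext_if) port 80

# Packets matching a rule with apply "log" are copied to npflog0.
# The interface has to exist first (ifconfig npflog0 create).
procedure "log" {
	log: npflog0
}

group "external" on $ext_if {
	pass stateful out final all
	# Explicit pass rule for the forwarded service, logged.
	pass stateful in final proto tcp to inet4($ext_if) port 80 apply "log"
}

group "internal" on $int_if {
	# Requests from the LAN to the external address, logged so that
	# hairpin attempts show up on npflog0.
	pass in final proto tcp from $localnet to inet4($ext_if) port 80 apply "log"
	pass in final from $localnet
	pass out final all
}

group default {
	pass final on lo0 all
	# Log whatever falls through, so drops are visible as well.
	block all apply "log"
}
```

With the ruleset loaded, `tcpdump -n -i npflog0` shows each packet that a logging rule matched, which tells you whether a request from the LAN reached a pass rule or fell through to the default block.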



Re: NPF NAT Hairpinning

2016-07-04 Thread Ryan Brackenbury
Christos Zoulas  astron.com> writes:

> 
> ext_if= your external interface
> internalwww= the ip address of the internal web server
> 
> map $ext_if dynamic $internalwww port 80 <- inet4($ext_if) port 80
> 
> 

I had this in my setup already, actually. I played around with testing 
inet4($ext_if) vs. just $ext_if, both without success. My npf.conf is based 
off of the soho example in /usr/share/examples/npf/, so I don't think I'm 
doing anything bizarre that would alter the nat behaviour.

-ryan



Re: NPF NAT Hairpinning

2016-07-04 Thread Christos Zoulas
In article ,
Ryan Brackenbury   wrote:
>I recently got NetBSD + NPF running on a raspberrypi, and am now using it as 
>my gateway router (purchased a 2nd USB ethernet stick as internal nic). 
>Behind this router, I run a few servers and also have a 2nd router for my 
>home PCs - so it operates like a perimeter network.
>
>When I am hitting my global IP from the outside, NPF forwards my packets 
>correctly to my server, and I'm able to view my website. When trying to 
>access from one of my home PCs though, I get a connection timeout/refused.
>
>In Linux when I'm usually setting up a router, I am able to configure 
>iptables to do nat-hairpinning to any services running in the perimeter 
>network. I don't want to resort to split-zone DNS or other methods, so does 
>anyone know of a way to coerce NPF into doing nat hairpinning?
>
>For reference, PF seems to be able to do this (they call it "rdr-to and nat-
>to combo"), but I don't know how to construct an equivalent NPF rule: 
>http://www.openbsd.org/faq/pf/rdr.html

ext_if= your external interface
internalwww= the ip address of the internal web server

map $ext_if dynamic $internalwww port 80 <- inet4($ext_if) port 80

christos



NPF NAT Hairpinning

2016-07-04 Thread Ryan Brackenbury
I recently got NetBSD + NPF running on a raspberrypi, and am now using it as 
my gateway router (purchased a 2nd USB ethernet stick as internal nic). 
Behind this router, I run a few servers and also have a 2nd router for my 
home PCs - so it operates like a perimeter network.

When I am hitting my global IP from the outside, NPF forwards my packets 
correctly to my server, and I'm able to view my website. When trying to 
access from one of my home PCs though, I get a connection timeout/refused.

In Linux when I'm usually setting up a router, I am able to configure 
iptables to do nat-hairpinning to any services running in the perimeter 
network. I don't want to resort to split-zone DNS or other methods, so does 
anyone know of a way to coerce NPF into doing nat hairpinning?

For reference, PF seems to be able to do this (they call it "rdr-to and nat-
to combo"), but I don't know how to construct an equivalent NPF rule: 
http://www.openbsd.org/faq/pf/rdr.html

TIA



Re: USB img NetBSD-7.0.1-amd64-install.img does not boot

2016-07-04 Thread Matthias Apitz
On Monday, July 04, 2016 at 08:34:18AM -0400, Gary Duzan wrote:

> In Message <20160704105315.GA1856@c720-r292778-amd64>,
> Matthias Apitz wrote:
> 
> =>I wanted to give NetBSD a try on my Acer C720 (aka Chromebook, but
> =>switched to LegacyBoot mode) and fetched the USB image. I wrote it with
> =>dd(1) to the USB key and it is there and even mountable in FreeBSD:
> =>
> => [...]
> =>
> =>but it does not boot:
> =>
> =>Booting from Hard Disk ...
> =>NetBSD MBR boot
> =>Error Disk read error
> =>Booting from Floppy
> =>Boot failed: could not read the boot disk
> =>
> =>No bootable device.
> =>
> =>What could I have done wrong? Thanks
> 
> I see that the C720 has both USB 2.0 and 3.0 ports. If you are
> using the 3.0 port, try the 2.0 port. Unfortunately, NetBSD's USB
> 3.0 support is experimental at best.

On the 3.0 port it is not even seen as a boot device.

I now vaguely remember that we have had changes in the FreeBSD boot code
to support the C720, which are now in trunk, but I have patches from
January 2015. I could send these to someone from NetBSD for review and
integration in NetBSD. I do not have enough knowledge about NetBSD to do
this on my own, but would be willing to test the results.

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
"Anyone who overlooks that we took ourselves away from the others, and that
they want us back, cannot understand any of the struggles of recent days. And
naturally cannot prevail in any of these struggles either."
Hermann Kant in jW 1.10.1989



Re: USB img NetBSD-7.0.1-amd64-install.img does not boot

2016-07-04 Thread Gary Duzan
In Message <20160704105315.GA1856@c720-r292778-amd64>,
   Matthias Apitz wrote:

=>
=>
=>Hello,
=>
=>I'm a long time user of FreeBSD (since 1995) and run CURRENT on my
=>laptops and netbooks, all compiled from SVN. I only say this to
=>underline that I have certain experience with such stuff.
=>
=>I wanted to give NetBSD a try on my Acer C720 (aka Chromebook, but
=>switched to LegacyBoot mode) and fetched the USB image. I wrote it with
=>dd(1) to the USB key and it is there and even mountable in FreeBSD:
=>
=> [...]
=>
=>but it does not boot:
=>
=>Booting from Hard Disk ...
=>NetBSD MBR boot
=>Error Disk read error
=>Booting from Floppy
=>Boot failed: could not read the boot disk
=>
=>No bootable device.
=>
=>What could I have done wrong? Thanks

   I see that the C720 has both USB 2.0 and 3.0 ports. If you are
using the 3.0 port, try the 2.0 port. Unfortunately, NetBSD's USB
3.0 support is experimental at best.

   Good luck...

Gary Duzan




USB img NetBSD-7.0.1-amd64-install.img does not boot

2016-07-04 Thread Matthias Apitz

Hello,

I'm a long time user of FreeBSD (since 1995) and run CURRENT on my
laptops and netbooks, all compiled from SVN. I only say this to
underline that I have certain experience with such stuff.

I wanted to give NetBSD a try on my Acer C720 (aka Chromebook, but
switched to LegacyBoot mode) and fetched the USB image. I wrote it with
dd(1) to the USB key and it is there and even mountable in FreeBSD:

# fdisk da0

*** Working on device /dev/da0 ***
parameters extracted from in-core disklabel are:
cylinders=961 heads=64 sectors/track=32 (2048 blks/cyl)

parameters to be used for BIOS calculations are:
cylinders=961 heads=64 sectors/track=32 (2048 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 169 (0xa9),(NetBSD)
start 2048, size 1124352 (549 Meg), flag 80 (active)
beg: cyl 0/ head 32/ sector 33;
end: cyl 70/ head 29/ sector 23
The data for partition 2 is:

The data for partition 3 is:

The data for partition 4 is:



$ ls /mnt

altroot
amd64
bin
boot
boot.cfg
dev
etc
install.sh
...


but it does not boot:

Booting from Hard Disk ...
NetBSD MBR boot
Error Disk read error
Booting from Floppy
Boot failed: could not read the boot disk

No bootable device.

What could I have done wrong? Thanks

Vy 73

 matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
"Anyone who overlooks that we took ourselves away from the others, and that
they want us back, cannot understand any of the struggles of recent days. And
naturally cannot prevail in any of these struggles either."
Hermann Kant in jW 1.10.1989