On 1/1/06, Diana Eichert <[EMAIL PROTECTED]> wrote:
> damn I feel like I'm playing 20 questions.
>
> diana
And _still_ no pf.conf.
-ME
--
http://erdelynet.com/
Support OpenBSD! http://www.openbsd.org/orders.html
The problem is NOT with your external address, it's related to the tun
interface created by OpenVPN, please re-read my original post.
so just for grins where does the 10.77.77/24 relate to, the tun interface
that OpenVPN builds? Oh yes, and what about 209.223.236.162? Is that an
IP # on an inter
The only rule I have related to OpenVPN is
nat on $ext_if from 10.77.77/24 to any -> 209.223.236.162
I presume $ext_if is up before I get to the pf.conf load, or else I
wouldn't have been able to ever run any rules!
But I'll add the message capture (as suggested elsewhere in the thread)
and sc
Well as others indicated you didn't post your pf.conf, however you did
mention something OpenVPN. Are you doing a NAT rdr on the tun interface?
Something similar to this:
nat on fxp0 from tun0/24 to any -> fxp0
if so there is no IP number set for tun yet as OpenVPN hasn't started yet.
per the
On 12/31/05, Karl O. Pinc <[EMAIL PROTECTED]> wrote:
>
> On 12/31/2005 06:29:34 PM, Randal L. Schwartz wrote:
> > Nope. No hostnames.
> >
> > Any other ideas?
>
> Some interface is not working on warm start?
OpenVPN - if you have rules for it, that's very likely the problem.
Make sure you don't h
On 31 Dec 2005 16:29:34 -0800, Randal L. Schwartz <[EMAIL PROTECTED]> wrote:
> Nope. No hostnames.
>
> Any other ideas?
Still no pf.conf, eh? Makes it hard to diagnose.
-ME
--
http://erdelynet.com/
Support OpenBSD! http://www.openbsd.org/orders.html
Great idea. I'll try that when I can schedule a box bounce.
I'm wary of editing /etc/rc though... only supposed to "touch"
rc.local. If anything breaks in rc,
I gotta call in some expensive eyes and hands to edit files for me
remotely.
Thanks.
On 31 Dec 2005 16:29:34 -0800, Randal L. Schwartz wrote:
>Nope. No hostnames. And there's nothing in pf.conf that sets up
>anything that DNS would need, anyway. My pf.conf is very simple (I'll
>send it by email to anyone who asks, but the security-dude in me says
>"don't post it to the public")
On 12/31/2005 06:29:34 PM, Randal L. Schwartz wrote:
> Nope. No hostnames.
>
> Any other ideas?
Some interface is not working on warm start?
You must be getting a message on boot from pfctl. Hack /etc/rc
to save it to a file.
pfctl -f ${pf_rules} > /somewhere 2>&1
Karl <[EMAIL
Nope. No hostnames. And there's nothing in pf.conf that sets up
anything that DNS would need, anyway. My pf.conf is very simple (I'll
send it by email to anyone who asks, but the security-dude in me says
"don't post it to the public"), just setting up a few queues and a NAT
for OpenVPN (which sh
On 12/31/2005 05:21:25 PM, Michael Erdely wrote:
But I can almost guarantee that it's because you have DNS names in
your pf.conf and your DNS server isn't able to get to the Internet
prior to the ruleset being loaded.
One approach is to:
1) run a slave dns server on your box
2) not load your
On 31 Dec 2005 14:35:33 -0800, Randal L. Schwartz <[EMAIL PROTECTED]> wrote:
> I have a fairly uncomplicated pf.conf (which I'm willing to share if
> asked). When my OpenBSD 3.8 (but this also showed up on 3.7) box
> reboots, it ends up staying in "safe" mode (ssh enabled, no pings
> enabled), as
> What's different between the time that pfctl is called right after
> /etc/netstart (which apparently is failing to load the rules), and
> pfctl is called by me when I've finally logged in? And unfortunately,
> this is a remote box, so I can't watch the console. :(
do you have hostnames in your
I have a fairly uncomplicated pf.conf (which I'm willing to share if
asked). When my OpenBSD 3.8 (but this also showed up on 3.7) box
reboots, it ends up staying in "safe" mode (ssh enabled, no pings
enabled), as set up in the /etc/rc file.
Since pings aren't enabled, I'm required to repeatedly t