
RE: OpenBSD 3.2 & DNS.

Thanks for the assist everyone. Everything works fine (i.e. DNS, FTP, WWW, SSH etc.) with the following exception.

I can VPN (PPTP) to openbsd2.9 boxes from my 3.2 box. But, I cannot VPN into another 3.2 box.

The rule sets and redirections have not changed. Although not critical, it would be nice to have this working as well. I've tried several different configurations to no avail. I get to the infamous MS dialog box "Verifying Username ..." then dead zone.

I guess my dismay is why something works in one version (i.e. everything worked fine in 2.9) but in 3.2 things tend to go bump in the night. Sorry, a little venting from a newbie.

Anyway, any idea as to why PPTP won't work 3.2 <-> 3.2 but 3.2 <-> 2.9 works fine?

Thanks again for the assist.

Richard Gutery

--- Begin Message ---
Title: Re: OpenBSD 3.2 & DNS.

look below

On Mon, 7 Apr 2003, Richard Gutery wrote:

> Thanks for all suggestions, but alas I'm still brain dead and can't see the
> forest for the trees.
>
>  I'm enclosing the contents of pf.conf. Maybe someone can see something that
> I'm completely missing - ARGH!!!
>
> # ne3 = External Net xxx.xxx.xxx.0/255.255.252.0
> # vr0 = Internal Net yyy.yyy.yyy.0/255.255.255.0
>
>  FTPPORTS = "{ 55000 >< 57000 }"
>
> # NORMALIZE the Universe
>  scrub in all
>
> # NAT:
>  nat on ne3 inet from yyy.yyy.yyy.0/24 to any -> ne3
>
> # RDR:
>
>  rdr on vr0 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
>  rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port 21  -> \
>       yyy.yyy.yyy.249 port 21
>  rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port   25 -> \
>       yyy.yyy.yyy.250 port 25
>  rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port  110 -> \
>       yyy.yyy.yyy.250 port 110
>  rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port   80 -> \
>       yyy.yyy.yyy.249 port 80
>  rdr on ne3 proto tcp from any to xxx.xxx.xxx.0/24 port  1723 -> \
>       yyy.yyy.yyy.250 port 1723
>  rdr on ne3 proto { tcp, udp } from any to xxx.xxx.xxx.0/24 port 53 -> \
>       yyy.yyy.yyy.250 port 53
delete the above rule ^^^^^

>
> # FILTER: the implicit first two rules are (used for testing...)
>  pass in all
>  pass out all
>
> # DNS ???
>  pass out on ne3 inet proto tcp from any to any port = 53 modulate state
>  pass out on ne3 inet proto udp from any to any port = 53 keep state
>
> # block in log all
>
>
> # allow incoming connections
>  pass  in on ne3 inet proto tcp from any to yyy.yyy.yyy.yyy port 1723 keep
> state
>  pass  in on ne3 inet proto gre from any to yyy.yyy.yyy.yyy keep state
>  pass out on ne3 inet proto gre from any to any keep state
>  pass  in on ne3 inet proto tcp from any to any port 22 keep state
>  pass out on ne3 inet proto { tcp, udp } all keep state
>
add this:
pass in on ne3 inet proto {udp,tcp} from any to any port = 53 keep state
--- End Message ---
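The replier's point about the port 53 rdr rule, shown with an added Python model of pf's translation lookup (example code, not from the thread): pf translation rules are first-match, so the quoted rule diverts every DNS query aimed at the external /24 to the internal host before any filter rule, or a resolver running on the firewall itself, ever sees it. The RFC 5737 addresses are constructed stand-ins for the masked xxx/yyy networks, and the resolver-on-the-firewall scenario is an assumption.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed subset of the quoted rdr rules; 192.0.2.0/24 stands in for the
# masked external net and 10.0.0.250 for the internal host yyy.yyy.yyy.250.
PF_CONF = """
rdr on vr0 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
rdr on ne3 proto tcp from any to 192.0.2.0/24 port 1723 -> 10.0.0.250 port 1723
rdr on ne3 proto { tcp, udp } from any to 192.0.2.0/24 port 53 -> 10.0.0.250 port 53
"""

RDR_RE = re.compile(
    r"rdr on (?P<ifc>\S+) proto (?P<proto>\{[^}]*\}|\S+) from any to (?P<dst>\S+)"
    r" port (?P<port>\d+) -> (?P<tgt>\S+) port (?P<tport>\d+)"
)

@dataclass
class Rdr:
    ifc: str
    protos: frozenset   # {"tcp"} or {"tcp", "udp"}
    dst: str            # "any" or a CIDR
    port: int
    target: str
    tport: int

def parse_rdr(conf: str) -> list:
    """Pick the rdr lines out of a (single-line-per-rule) pf.conf fragment."""
    rules = []
    for line in conf.splitlines():
        m = RDR_RE.match(line.strip())
        if not m:
            continue
        protos = frozenset(p.strip() for p in m["proto"].strip("{}").split(","))
        rules.append(Rdr(m["ifc"], protos, m["dst"], int(m["port"]), m["tgt"], int(m["tport"])))
    return rules

def translate(rules, ifc, proto, dst_ip, dst_port):
    """First matching rdr wins (translation rules are first-match, unlike filter rules)."""
    for r in rules:
        if r.ifc != ifc or proto not in r.protos or r.port != dst_port:
            continue
        if r.dst != "any" and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(r.dst):
            continue
        return (r.target, r.tport)
    return (dst_ip, dst_port)   # no rdr: packet is delivered to the original destination

def drop_rdr_for_port(rules, port):
    """What the reply asks for: remove the rdr rule(s) for a given destination port."""
    return [r for r in rules if r.port != port]
```

With the rule present, a query to any address in the external /24 on udp/53 lands on 10.0.0.250; with it dropped, the query reaches the address it was sent to.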