
my firewall

Hello folks. Thanks to everyone who responded to my problem. The laptop can use the internet now, however it won't resolve host names properly. For example, it wouldn't connect to www.google.ca but it would to 64.233.167.104.
Same for IRC: XChat wouldn't connect to eu.undernet.org but it would connect to 195.68.221.221 ... weird, huh?
Here's the pf.conf I'm using:
===========================
# Gatewolf pf rules
#
ext_if = "xl0"
int_if = "ep1"
nat on $ext_if from 192.168.1.2 to any -> ($ext_if)
block in  log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
pass in  quick on $int_if from any to any
pass out quick on $int_if from any to any
pass quick all
===========================
Here's some output:
=    Results of running the checker script found here:
=    http://www.freebsdforums.org/forums/showthread.php?s=&threadid=19250
============================================================================
--- sysctl kern.version --- OS/kernel version
kern.version=OpenBSD 3.5 (GENERIC) #34: Mon Mar 29 12:24:55 MST 2004
    [email protected]:/usr/src/sys/arch/i386/compile/GENERIC
--- sysctl -a | grep forward --- Forwarding between interfaces
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=0
--- ifconfig -a --- Interface configuration
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:50:da:5e:e9:60
	media: Ethernet 10baseT (10baseT half-duplex)
	inet6 fe80::250:daff:fe5e:e960%xl0 prefixlen 64 scopeid 0x1
	inet 70.65.181.102 netmask 0xfffffe00 broadcast 255.255.255.255
ep1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:20:af:e6:c4:1d
	media: Ethernet 10baseT
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::220:afff:fee6:c41d%ep1 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
--- netstat -rn -f inet --- IPv4 routing tables
Routing tables
Internet:
Destination        Gateway            Flags     Refs     Use    Mtu  Interface
default            70.65.180.1        UGS         2     5910      -   xl0
70.65.180/23       link#1             UC          1        0      -   xl0
70.65.180.1        0:0:77:93:d9:3f    UHLc        1        0      -   xl0
70.65.181.102      127.0.0.1          UGHS        0        0  33224   lo0
127/8              127.0.0.1          UGRS        0        0  33224   lo0
127.0.0.1          127.0.0.1          UH          2     7765  33224   lo0
192.168.1/24       link#2             UC          1        0      -   ep1
192.168.1.2        0:50:ba:38:60:e4   UHLc        0        2      -   ep1
224/4              127.0.0.1          URS         0        0  33224   lo0
=== /etc/resolv.conf === Name resolution
search lb.shawcable.net
nameserver 64.59.135.133
nameserver 64.59.135.135
lookup file bind
File /etc/nsswitch.conf doesn't exist
=== /etc/hosts === 
#	$OpenBSD: hosts,v 1.11 2002/09/26 23:35:51 krw Exp $
#
# Host Database
#
# RFC 1918 specifies that these networks are "internal".
# 10.0.0.0      10.255.255.255
# 172.16.0.0    172.31.255.255
# 192.168.0.0   192.168.255.255
#
::1 localhost.lb.shawcable.net localhost
127.0.0.1 localhost.lb.shawcable.net localhost
127.0.0.1 gatewolf.lb.shawcable.net gatewolf
70.65.146.56 bsdwolf.lb.shawcable.net bsdwolf
192.168.1.2 lapwolf.wolfpack lapwolf
--- egrep ^[^#]+ /etc/rc.conf --- "rc.conf" without comments
routed_flags=NO		# for normal use: "-q"
mrouted_flags=NO	# for normal use: "", if activated
			# be sure to enable multicast_router below.
bgpd_flags=NO		# for normal use: ""
rarpd_flags=NO		# for normal use: "-a"
bootparamd_flags=NO	# for normal use: ""
rbootd_flags=NO		# for normal use: ""
sshd_flags=""		# for normal use: ""
named_flags=NO		# for normal use: ""
rdate_flags=NO		# for normal use: [RFC868-host] or [-n RFC1361-host]
timed_flags=NO		# for normal use: ""
ntpdate_flags=NO	# for normal use: NTP server; run before ntpd starts
isakmpd_flags=NO	# for normal use: ""
mopd_flags=NO		# for normal use: "-a"
apmd_flags=NO		# for normal use: ""
dhcpd_flags=NO		# for normal use: "-q"
rtadvd_flags=NO		# for normal use: list of interfaces
			# be sure to set net.inet6.ip6.forwarding=1
route6d_flags=NO	# for normal use: ""
			# be sure to set net.inet6.ip6.forwarding=1
rtsold_flags=NO		# for normal use: interface
			# be sure to set net.inet6.ip6.forwarding=0
			# be sure to set net.inet6.ip6.accept_rtadv=1
lpd_flags=NO		# for normal use: "" (or "-l" for debugging)
sensorsd_flags=NO	# for normal use: ""
httpd_flags=NO		# for normal use: "" (or "-DSSL" after reading ssl(8))
sendmail_flags="-L sm-mta -C/etc/mail/localhost.cf -bd -q30m"
spamd_flags=NO		# for normal use: "" and see spamd-setup(8)
spamd_grey=NO		# use spamd greylisting if YES
ftpd_flags=NO		# for non-inetd use: "-D"
identd_flags=NO		# for non-inetd use: "-b -elo"
xdm_flags=NO		# for normal use: ""
wsmoused_flags=NO	# for ps/2 or usb mice: "", serial: "-p /dev/cua00"
rwhod=NO
nfs_server=NO		# see sysctl.conf for nfs client configuration
lockd=NO
amd=NO
pf=YES			# Packet filter / NAT
portmap=NO		# Note: inetd(8) rpc services need portmap too
inetd=YES		# almost always needed
check_quotas=YES	# NO may be desirable in some YP environments
ntpd=YES		# run ntpd if it exists
krb5_master_kdc=NO	# KerberosV master KDC. Run 'info heimdal' for help.
krb5_slave_kdc=NO	# KerberosV slave KDC.
afs=NO			# mount and run afs
multicast_host=NO	# Route all multicast packets to a single interface
multicast_router=NO	# A multicast routing daemon will be run, e.g. mrouted
savecore_flags=			# "-z" to compress
ypserv_flags=			# E.g. -1 for YP v1, -d for DNS etc
yppasswdd_flags=NO		# "-d /etc/yp" if passwd files are in /etc/yp
nfsd_flags="-tun 4"		# Crank the 4 for a busy NFS fileserver
amd_dir=/tmp_mnt		# AMD's mount directory
amd_master=/etc/amd/master	# AMD 'master' map
syslogd_flags=			# add more flags, ie. "-u -a /chroot/dev/log"
pf_rules=/etc/pf.conf		# Packet filter rules file
pflogd_flags=			# add more flags, ie. "-s 256"
afsd_flags=			# Flags passed to afsd
shlib_dirs=			# extra directories for ldconfig, separated
				# by space
local_rcconf="/etc/rc.conf.local"
[ -f ${local_rcconf} ] && . ${local_rcconf} # Do not edit this line
--- ps -ax | grep inetd --- Is inetd running?
16593 ??  Is      0:00.03 inetd 
--- egrep ^[^#]+ /etc/inetd.conf --- Enabled "inetd" services
ident		stream	tcp	nowait	_identd	/usr/libexec/identd	identd -el
ident		stream	tcp6	nowait	_identd	/usr/libexec/identd	identd -el
127.0.0.1:comsat dgram	udp	wait	root	/usr/libexec/comsat	comsat
[::1]:comsat	dgram	udp6	wait	root	/usr/libexec/comsat	comsat
daytime		stream	tcp	nowait	root	internal
daytime		stream	tcp6	nowait	root	internal
time		stream	tcp	nowait	root	internal
time		stream	tcp6	nowait	root	internal
=============================================================
Results of pinging the BSD box from the laptop's DOS prompt
tcpdump -ni ep1
tcpdump: listening on ep1
05:09:47.322027 arp who-has 192.168.1.1 tell 192.168.1.2
05:09:47.322096 arp reply 192.168.1.1 is-at 0:20:af:e6:c4:1d
05:09:47.322678 192.168.1.2 > 192.168.1.1: icmp: echo request
05:09:47.322853 192.168.1.1 > 192.168.1.2: icmp: echo reply
05:09:48.329526 192.168.1.2 > 192.168.1.1: icmp: echo request
05:09:48.329672 192.168.1.1 > 192.168.1.2: icmp: echo reply
05:09:49.334362 192.168.1.2 > 192.168.1.1: icmp: echo request
05:09:49.334521 192.168.1.1 > 192.168.1.2: icmp: echo reply
05:09:50.339126 192.168.1.2 > 192.168.1.1: icmp: echo request
05:09:50.339276 192.168.1.1 > 192.168.1.2: icmp: echo reply
=============================================================
Results of dmesg
OpenBSD 3.5 (GENERIC) #34: Mon Mar 29 12:24:55 MST 2004
    [email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 134 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
cpu0: F00F bug workaround installed
real mem  = 133804032 (130668K)
avail mem = 117891072 (115128K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(92) BIOS, date 09/13/97, BIOS32 rev. 0 @ 0xfb220
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0xb6e8
pcibios0: PCI BIOS has 6 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 9 11
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371AB PIIX4 ISA" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82439TX System" rev 0x01
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x01
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <QUANTUM TRB850A>
wd0: 8-sector PIO, LBA, 810MB, 1660176 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <SAMSUNG, CD-ROM SC-152C, CS05> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82371AB Power Mgmt" rev 0x01 at pci0 dev 7 function 3 not configured
xl0 at pci0 dev 11 function 0 "3Com 3c900B 10Mbps" rev 0x04: irq 9 address 00:50:da:5e:e9:60
vga1 at pci0 dev 12 function 0 "S3 ViRGE DX/GX" rev 0x01
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v4.13
midi0 at sb0: <SB MIDI UART>
audio0 at sb0
opl0 at sb0: model OPL3
midi1 at opl0: <SB Yamaha OPL3>
pcppi0 at isa0 port 0x61
midi2 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
isapnp0 at isa0 port 0x279: read port 0x203
ep1 at isapnp0 "3Com 3C509B EtherLink III, TCM5090, PNP80F7, " port 0x210/16 irq 10: address 00:20:af:e6:c4:1d, utp/aui (default utp)
biomask c840 netmask ce40 ttymask cec2
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
=============================================================
Results of pfctl -nvvf /etc/pf.conf
 pfctl -nvvf /etc/pf.conf
Loaded 345 passive OS fingerprints
ext_if = "xl0"
int_if = "ep1"
@0 nat on xl0 inet from 192.168.1.2 to any -> (xl0) round-robin
@1 block drop in log all
@2 block drop out log all
@3 pass in quick on lo0 all
@4 pass out quick on lo0 all
@5 pass in quick on ep1 all
@6 pass out quick on ep1 all
@7 pass quick all
=============================================================
Results of sysctl -a | grep net.inet.ip.forwarding
# sysctl -a | grep net.inet.ip.forwarding
net.inet.ip.forwarding=1
=============================================================
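One thing worth noting about the ruleset posted above, from a defender's point of view: the two `block ... log all` rules are not `quick`, and the final `pass quick all` matches every packet, so as loaded (rules @1, @2 and @7 in the pfctl output) the firewall passes all traffic and never reaches the block rules. The ruleset below is an added example written for this thread, not the poster's own configuration: it keeps the same interfaces and NAT, but makes the default deny effective and passes the internal network with explicit `keep state` (required on OpenBSD 3.5, where filtering is stateless unless asked for), so that DNS answers and other replies are matched to the outgoing request rather than relying on a catch-all pass. The `$int_net` macro and the protocol/port choices are assumptions for illustration.

```conf
# Added example (not the poster's pf.conf): tightened rules for the same gateway.
ext_if  = "xl0"
int_if  = "ep1"
int_net = "192.168.1.0/24"     # assumed: the whole LAN, not just one host

# Translate everything from the internal net, not only 192.168.1.2.
nat on $ext_if from $int_net to any -> ($ext_if)

# Default deny, logged. There is deliberately no "pass quick all" below,
# so anything not matched by an explicit pass rule ends up here.
block in  log all
block out log all

# Loopback is unrestricted.
pass quick on lo0 all

# Internal hosts -> gateway or beyond. "keep state" creates the entry that
# lets the reply (a UDP DNS answer, a TCP SYN/ACK, an ICMP echo reply) back.
pass in quick on $int_if proto tcp  from $int_net to any keep state
pass in quick on $int_if proto udp  from $int_net to any port { domain, ntp } keep state
pass in quick on $int_if proto icmp from $int_net to any keep state

# External side: after NAT the source is the xl0 address, so a second state
# is needed here for both forwarded and gateway-originated traffic. Nothing
# unsolicited arriving on xl0 matches a pass rule and is dropped and logged.
pass out quick on $ext_if proto { tcp, udp, icmp } all keep state
```

Load it with `pfctl -nvvf` first, as in the output above, and then watch `tcpdump -n -e -ttt -i pflog0` while the laptop resolves a name: a logged block on port 53 points at the rules, while no traffic at all on port 53 points at the laptop's resolver settings instead.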