Problem with pf rules.


Problem with pf rules.

Saulo Bozzi
I'm having trouble getting a router/firewall OpenBSD 4.6 in VMware and a
Slackware 13 to "talk" through host-only. But the main problem now is
getting the OpenBSD to do an rdr to the Slackware webserver. Well, I'll try to
describe the situation:

The OpenBSD 4.6 has two interfaces:

One bridged
One host-only with IP 192.168.38.130

The Slackware 13 has one interface:

host-only with IP 192.168.38.128

These are my pf rules:

if_net="vic0"
if_ws="vic1"
ip_ws="192.168.138.128"

#block log all
pass log all

rdr pass log on $if_net proto tcp to port 6060 -> $ip_ws port 80
rdr pass log on $if_net proto tcp to port 2222 -> 127.0.0.1 port 22
nat log on $if_net from !($if_net) -> ($if_net:0)

PS: if_net is the bridged interface and if_ws is the host-only one.

The OpenBSD can ping the internal host-only IP of the Slackware,
192.168.138.128, and when I telnet to it on port 80 it also answers perfectly.

However, when it comes from outside, from the internet, a telnet to the
OpenBSD on port 2222 reaches the OpenBSD's ssh but it can't log in. For port
6060 nothing shows up in the log, and it can't do the rdr, or it doesn't
work. I thought the Slackware side, whose listening port 80 was tcp6, might
be IPv6 only, but I added tcp for IPv4 as well and the rdr still didn't work.

I'm using the command: tcpdump -n -e -ttt -i pflog0

to check these logs on the pflog0 interface.

I need a light, a suggestion or something like that. Can you tell me
something, guys?

Any information or anything else you ask for, I'll send.

Thanks a lot.

See ya.


Re: Problem with pf rules.

Karl-Heinz Wild
Did you set "net.inet.ip.forwarding=1" in sysctl?

regards
karl-heinz

On 14.01.2010, at 16:10, PsYkHe wrote:

> I'm having trouble getting a router/firewall OpenBSD 4.6 in VMware and a
> Slackware 13 to "talk" through host-only. But the main problem now is
> getting the OpenBSD to do an rdr to the Slackware webserver. Well, I'll try to
> describe the situation:
>
> The OpenBSD 4.6 has two interfaces:
>
> One bridged
> One host-only with IP 192.168.38.130
>
> The Slackware 13 has one interface:
>
> host-only with IP 192.168.38.128
>
> These are my pf rules:
>
> if_net="vic0"
> if_ws="vic1"
> ip_ws="192.168.138.128"
>
> #block log all
> pass log all
>
> rdr pass log on $if_net proto tcp to port 6060 -> $ip_ws port 80
> rdr pass log on $if_net proto tcp to port 2222 -> 127.0.0.1 port 22
> nat log on $if_net from !($if_net) -> ($if_net:0)
>
> PS: if_net is the bridged interface and if_ws is the host-only one.
>
> The OpenBSD can ping the internal host-only IP of the Slackware,
> 192.168.138.128, and when I telnet to it on port 80 it also answers perfectly.
>
> However, when it comes from outside, from the internet, a telnet to the
> OpenBSD on port 2222 reaches the OpenBSD's ssh but it can't log in. For port
> 6060 nothing shows up in the log, and it can't do the rdr, or it doesn't
> work. I thought the Slackware side, whose listening port 80 was tcp6, might
> be IPv6 only, but I added tcp for IPv4 as well and the rdr still didn't work.
>
> I'm using the command: tcpdump -n -e -ttt -i pflog0
>
> to check these logs on the pflog0 interface.
>
> I need a light, a suggestion or something like that. Can you tell me
> something, guys?
>
> Any information or anything else you ask for, I'll send.
>
> Thanks a lot.
>
> See ya.
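A small pre-flight checker, added here as an example and not part of the thread, for the two things this exchange turns on: whether net.inet.ip.forwarding is 1, and whether each rdr target in the quoted 4.6-style rules actually sits on the host-only network the post describes (the post gives the host-only IP as 192.168.38.128 but the rdr macro as 192.168.138.128). The pf.conf text and the sysctl output are constructed copies of what the post shows, and the /24 mask on the host-only network is an assumption.

```python
"""Sanity checks for an OpenBSD 4.6-style pf rdr setup (added example, not from the thread)."""
import ipaddress
import re

# Constructed pf.conf fragment in the pre-4.7 syntax quoted in the thread.
PF_CONF = """\
if_net="vic0"
if_ws="vic1"
ip_ws="192.168.138.128"
pass log all
rdr pass log on $if_net proto tcp to port 6060 -> $ip_ws port 80
rdr pass log on $if_net proto tcp to port 2222 -> 127.0.0.1 port 22
nat log on $if_net from !($if_net) -> ($if_net:0)
"""

# Constructed 'sysctl net.inet.ip.forwarding' output as it looks before the fix.
SYSCTL_OUT = "net.inet.ip.forwarding=0"

# Host-only network the web server lives on; the /24 mask is an assumption.
INTERNAL_NET = ipaddress.ip_network("192.168.38.0/24")


def parse_macros(conf):
    """Collect name="value" macro definitions from the ruleset."""
    return dict(re.findall(r'^(\w+)="([^"]*)"', conf, re.M))


def expand(line, macros):
    """Replace $macro references with their values; unknown macros stay as-is."""
    return re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), line)


def rdr_targets(conf):
    """Return (listen_port, target_ip, target_port) for every rdr rule."""
    macros = parse_macros(conf)
    found = []
    for line in conf.splitlines():
        line = expand(line.strip(), macros)
        m = re.match(r'rdr\b.*\bto port (\d+) -> (\S+) port (\d+)', line)
        if m:
            found.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return found


def forwarding_enabled(sysctl_out):
    """True only if the sysctl output reports net.inet.ip.forwarding=1."""
    m = re.search(r'net\.inet\.ip\.forwarding=(\d)', sysctl_out)
    return bool(m) and m.group(1) == "1"


def check(conf, sysctl_out, internal_net):
    """Return human-readable findings; an empty list means nothing obviously wrong."""
    findings = []
    if not forwarding_enabled(sysctl_out):
        findings.append("net.inet.ip.forwarding is not 1: redirected packets are not forwarded")
    for lport, tip, tport in rdr_targets(conf):
        addr = ipaddress.ip_address(tip)
        if addr.is_loopback:
            continue  # redirect to the firewall itself needs no forwarding
        if addr not in internal_net:
            findings.append(f"rdr port {lport} -> {tip}:{tport} is not inside {internal_net}")
    return findings


if __name__ == "__main__":
    for finding in check(PF_CONF, SYSCTL_OUT, INTERNAL_NET):
        print("WARN:", finding)
```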


Re: Problem with pf rules.

Saulo Bozzi
Damn man!!!.....Holy crap.....I really forgot this detail...

Thanks Man.
Regards.

> Did you set "net.inet.ip.forwarding=1" in sysctl?
>
> regards
> karl-heinz
>


Re: Problem with pf rules.

Saulo Bozzi
Well,
my rdr rules now work, but they don't log. Only the outbound side of the rdr on port 8080 does.

Any suggestion?

Thanks,
Bye.

2010/1/14 PsYkHe <[hidden email]>

> Damn man!!!.....Holy crap.....I really forgot this detail...
>
> Thanks Man.
> Regards.
>
>
>> Did you set "net.inet.ip.forwarding=1" in sysctl?
>>
>> regards
>> karl-heinz