pf or bgp issue

pf or bgp issue

Jay See
Hi,

We have an OpenBSD-based firewall. It used to work fine until I upgraded from OpenBSD 6.3 to 6.4. Once I upgraded the firewall from 6.3 to 6.4, the firewall is not able to route traffic to the server with a public IP which is configured using "carp". Basically, we are routing from this public IP to the private network behind the firewall.

Behind the firewall, we have an OpenStack deployment with allocation of public IPs. We are able to access the public IPs allocated for the VMs.

I am not sure whether it is a pf issue or a bgp issue (as they changed announce list or all from OpenBSD 6.4) or some other issue.

I thought this might be a temporary issue, so I have upgraded the firewall to 6.5 and 6.6 also. Still the same issue. Now the firewall is running OpenBSD 6.6 and all services are running smoothly.

Our rule set is long and I am not sure whether I should share it on the mailing list or not, as I have not seen any mails in the last 2 days. Please let me know where I should look to find the actual problem.

Regards,
Jayachander.

--
P
  SAVE PAPER – Please do not print this e-mail unless absolutely necessary.
Re: pf or bgp issue

Jay See
Some logs here:
Please find the pf rules, bgpd.conf, ifconfig and host configuration on the following link:

tcpdump on the firewall, while trying to connect to the IP: https://paste.ubuntu.com/p/YyyXDvt6mc/

I have made the following changes:
pass out quick on ix2 from $cloud_public_addr to any            ### This does not allow traffic outside
pass in quick on ix3 from <allowedusers> to $cloud_public_addr  ### This works to allow inside

Can anyone suggest what I am missing here?

Thanks for your help.
Regards,
~ Jayachander.

On Thu, Feb 6, 2020 at 10:48 AM Jay See <[hidden email]> wrote:
Hi,

We have an OpenBSD-based firewall. It used to work fine until I upgraded from OpenBSD 6.3 to 6.4. Once I upgraded the firewall from 6.3 to 6.4, the firewall is not able to route traffic to the server with a public IP which is configured using "carp". Basically, we are routing from this public IP to the private network behind the firewall.

Behind the firewall, we have an OpenStack deployment with allocation of public IPs. We are able to access the public IPs allocated for the VMs.

I am not sure whether it is a pf issue or a bgp issue (as they changed announce list or all from OpenBSD 6.4) or some other issue.

I thought this might be a temporary issue, so I have upgraded the firewall to 6.5 and 6.6 also. Still the same issue. Now the firewall is running OpenBSD 6.6 and all services are running smoothly.

Our rule set is long and I am not sure whether I should share it on the mailing list or not, as I have not seen any mails in the last 2 days. Please let me know where I should look to find the actual problem.

Regards,
Jayachander.
