Pf - Private address blocking

2007-02-19 Thread martin g
Hey all

I have a question about blocking private addr. with pf.

I have defined the reserved addresses according to RFC 1918 in a table
priv_ip

My default rule is:

block in on $ext_if
block out  on $ext_if

pass in on $int_if
pass out on $int_if

1. With these 2 rules defined, is it still recommended to block private addr.?

If it is then:

Computers on my network have IPs from block 192.168.0.0/16, let's say
192.168.1.100 to 192.168.1.105.
I make another table called lan.

What is the correct rule? Do I negate table lan in a rule

block in on $ext_if from any to  { priv_ip, !lan }
block out on $ext_if from  { priv_ip, !lan } to any

or do I negate IPs in a table like so

table lan { !192.168.1.100 , ...}

tnx for reply
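
Added example, not part of the original post: a pf.conf fragment covering
the two forms asked about above. Interface names and the angle-bracket
table names are assumptions; the comments describe how pf treats a negated
item in a { } list versus a negated entry inside a table.

```conf
# Added example (not from the original post). Interface names are assumed.
ext_if = "tun0"    # assumed external interface (ppp)
int_if = "fxp0"    # assumed internal interface

# RFC 1918 private ranges, held in a table.
table <priv_ip> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Pitfall: a negated item inside a { } list. pf expands the list into one
# rule per item, so
#     block in on $ext_if from any to { <priv_ip>, !<lan> }
# is loaded as
#     block in on $ext_if from any to <priv_ip>
#     block in on $ext_if from any to !<lan>
# and the second rule matches every destination that is not in <lan>.
#
# An exception belongs inside the table instead. The most specific entry
# wins, so a table such as
#     table <priv_not_lan> const { 192.168.0.0/16, !192.168.1.0/24 }
# matches 192.168.0.0/16 except the 192.168.1.0/24 hosts.

# Default deny on the external interface, as in the post.
block in  on $ext_if
block out on $ext_if

# "quick" makes these final: pf is last-match, so without it a pass rule
# added later for $ext_if could re-admit spoofed private sources or let
# traffic to private destinations leak out.
block in  quick on $ext_if from <priv_ip> to any
block out quick on $ext_if from any to <priv_ip>

pass in  on $int_if
pass out on $int_if
```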



problem with 003_systrace.patch

2006-11-22 Thread martin g
Hello all

When I apply this patch, the system asks me

File to patch:

What should I enter here?

Bye



ppp.conf

2006-11-02 Thread martin g
hey all

Has anyone got an explanation for this:
Example:

/etc/ppp/ppp.conf

default :
set log ...

When I run ppp ... I get "Warning line 2 missing colon" or something like
that

but when I do this everything is all right and I don't get any warnings

/etc/ppp/ppp.conf

default:
   set log ...

Notice the position of set log.

Why is that so important?


-- 
Welcome to The Zone, where normal things don't happen very often.



DNS setup

2006-10-31 Thread martin g
Hello all

Approx. 2 weeks ago I posted a question titled "web browsing" to this list.
It was about how to set up NAT on my gateway so intranet computers can
access the Internet.

The current situation is:

I have an obsd3.9 box connected to the internet using ppp.conf; on the
inside I have a winXP box connected to a switch, connected to the obsd box.

The thing that wasn't working was that my XP box couldn't access web pages.
I blamed it on pf.conf. But that wasn't the case.

Today I tried this: I turned off Pf; I will set that up later.
I checked man ppp and found this info: "...to turn on NAT add this line to
ppp.conf: nat enable yes...". With this line added to ppp.conf things
started to work.

Now the question :

1. My resolv.conf contains nameservers from my ISP.

2. At the beginning the XP box was set up with the DNS parameter pointing to
my gateway 192.168.0.1. I could not access the Internet, then I changed this
parameter to the dns server ip of my ISP and things work again.


What must I do so that things will work with the dns parameter set to my
gateway?

Are there any security threats with parameters set to the dns ip from my ISP?
Will this be a problem when setting up Pf?



Lenovo notebooks

2006-10-26 Thread martin g
Hello all

Has anyone got experience with Lenovo notebooks running OpenBSD?
If you are so kind to share your experience.

tnx.