Hi Folks,
 I recently installed an OpenBSD 3.8 -current machine running the in-kernel
PPPoE implementation (man 4 pppoe). While it connects fine to the internet
(via ADSL modem) and does NAT correctly, I can't access the internal web server
from the internet. It runs DynDNS.
 The scenario is the following:
 Internet --------- ADSL --------dc0-- OpenBSD 3.8 fxp0 ----------switch
--------- LAN (192.168.0.0/24)
 While I don't have a DMZ yet, I hope to have one shortly.

int_if = "fxp0"
ext_if = "pppoe0"

tcp_services = "{ 22, 113 }"
www_server = "192.168.1.100"
webports = "{http, https}"

# port 80 for www service running
icmp_types = "echoreq"

#priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16 }"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# scrub for NAT in PPPoE for using max mtu value
scrub out on pppoe0 max-mss 1440

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# allow access to the HTTP server
rdr on $ext_if proto tcp from any to any port 80 -> $www_server

# redirect port 3128 to 80 to make squid transparent
#rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

# filter rules
block all

pass quick on lo0 all

block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA keep state

pass in on $ext_if inet proto tcp from any to ($ext_if) \
user proxy keep state

# pass everything through squid

# pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
# pass out on $ext_if inet proto tcp from any to any port www keep state

pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

#

pass in on $ext_if proto tcp from any to $www_server port 80 \
flags S/SA synproxy state

Now, the www server (apache) located at 192.168.1.100 does not work.

 Any suggestions?

 Regards.

--
---
BSD - Unix simplicity.
Francisco Valladolid Hdez.
[EMAIL PROTECTED]
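As an added example (not part of the original post or of OpenBSD/pf), a small Python consistency check of the kind worth running over a ruleset like the one above: it expands pf macros, then verifies that every rdr target on the external interface lies inside the LAN prefix and has a matching "pass in" rule for the same target and port. The pf.conf excerpt is constructed from the values in the post, and the lan_net parameter is an assumption taken from the network diagram.

```python
import ipaddress
import re

# Constructed excerpt modelled on the posted ruleset (values copied from the post).
CONSTRUCTED_PF_CONF = """
int_if = "fxp0"
ext_if = "pppoe0"
www_server = "192.168.1.100"
# allow access to the HTTP server
rdr on $ext_if proto tcp from any to any port 80 -> $www_server
pass in on $ext_if proto tcp from any to $www_server port 80 flags S/SA synproxy state
"""

def expand_macros(conf):
    """Strip comments and macro definitions, and substitute $name macros
    (defined as name = "value") into the remaining rule lines."""
    macros = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', conf, re.M))
    rules = []
    for line in conf.splitlines():
        line = line.split('#', 1)[0].strip()
        if line and not re.match(r'^\w+\s*=', line):
            rules.append(re.sub(r'\$(\w+)',
                                lambda m: macros.get(m.group(1), m.group(0)), line))
    return rules

def check_rdr(conf, lan_net):
    """Return findings for each rdr rule whose target address is outside
    lan_net (assumed parameter: the LAN prefix behind $int_if) or that
    has no matching 'pass in' rule for the same target and port."""
    net = ipaddress.ip_network(lan_net)
    rules = expand_macros(conf)
    findings = []
    for rule in rules:
        m = re.match(r'rdr on (\S+) .*port (\w+) -> (\S+)', rule)
        if not m:
            continue
        iface, port, target = m.groups()
        if ipaddress.ip_address(target) not in net:
            findings.append(f"rdr target {target} is not inside {lan_net}")
        needs_pass = rf'^pass in on {re.escape(iface)} .*\bto {re.escape(target)} port {port}\b'
        if not any(re.match(needs_pass, r) for r in rules):
            findings.append(f"no 'pass in' rule for {target} port {port}")
    return findings

if __name__ == "__main__":
    for finding in check_rdr(CONSTRUCTED_PF_CONF, "192.168.0.0/24"):
        print(finding)
```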