Hi,
I'm using OpenBSD 5.8 on a Ubiquiti Edgerouter Lite. It works great,
apart from my customers reporting that some websites don't work for them
(I've verified that it's true).
My /etc/pf.conf is:
int_if="{ vether0 cnmac1 cnmac2 }"
broken="224.0.0.22 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 \
10.0.0.0/8 169.254.0.0/16 192.0.2.0/24 \
198.51.100.0/24, 203.0.113.0/24, \
169.254.0.0/16 0.0.0.0/8 240.0.0.0/4 255.255.255.255/32"
set block-policy drop
set loginterface egress
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
antispoof quick for (egress)
block in quick on egress from { $broken no-route urpf-failed } to any
block in quick inet6 all
block return out quick inet6 all
block return out quick log on egress proto { tcp udp } from any to any port 53
block return out quick log on egress from any to { no-route $broken }
block in all
pass out quick inet keep state
pass in on $int_if inet keep state
pass on $int_if from any to { 224.0.0.2, 239.0.0.0/8 }
pass in on $int_if inet proto { tcp udp } from any to ! 192.168.1.1 port 53 rdr-to 192.168.1.1
pass in quick on $int_if proto udp from any to ! 192.168.1.1 port 123 rdr-to 192.168.1.1
pass in on egress inet proto tcp to (egress) port 2501 rdr-to 192.168.1.2 port 22
pass in on egress inet proto tcp from any to (egress) port 2500
pass in on egress inet proto tcp from any to (egress) port 9001
pass in on egress inet proto tcp from any to (egress) port 9030
The sites in question are nk.pl (loads once in a while), cyberbaba.pl
and phoronix.com. They all send a 301 redirection and that's it.
Any ideas what might cause it?