Hi everyone

I've got a simple router set up at home, replacing an old US Robotics 8000. I set up NAT translation with pf. I have the following rules:

-- begin /etc/pf.conf --

red_if="ne3"
green_if="fxp0"

dmz_host="192.168.0.102"
dmz_ports="{1024:65535}"

local_public_services="{2222, 8080}"

set skip on lo

# NAT
nat on $red_if from $green_if:network to any -> ($red_if)

# Local public services
rdr on $red_if proto tcp from any to any port $local_public_services -> 127.0.0.1

# DMZ Host
rdr on $red_if proto tcp from any to any port $dmz_ports -> $dmz_host

-- end /etc/pf.conf --

green_if is the interface to my local network, red_if is the interface to the internet. The ne3 is configured as DHCP. The DMZ host is meant for my computer, because I run a lot of software that requires a lot of open ports, so I always set it up as a DMZ host (as I did with the US Robotics router). The local_public_servers is for two servers running on the router itself, preventing it from being forwarded to the dmz_host. Now there is one issue remaining: for some reason I cannot surf the internet, make an FTP connection, etc. from the router itself. When I try to surf the internet, lynx hangs at "making http connection to x". So how do I fix this? Is there some problem with my network configuration, or did I configure something wrong in pf.conf?

Thanks!

Best Regards

Glenn Matthys


Some other information that might be useful:

# route -n show
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            81.164.128.1       UGS         0   915573      -   ne3
81.164.128/20      link#2             UC          0        0      -   ne3
81.164.128.1       00:30:b8:c1:85:20  UHLc        0        0      -   ne3
81.164.133.29      127.0.0.1          UGHS        0        0  33224   lo0
127/8              127.0.0.1          UGRS        0        0  33224   lo0
127.0.0.1          127.0.0.1          UH          0      153  33224   lo0
192.168.0/24       link#1             UC          0        0      -   fxp0
192.168.0.102      00:11:09:cb:62:5c  UHLc        0  1556226      - L fxp0
224/4              127.0.0.1          URS         0        0  33224   lo0

Internet6:
Destination                    Gateway            Flags    Refs      Use    Mtu  Interface
::/104                         ::1                UGRS        0        0      -   lo0
::/96                          ::1                UGRS        0        0      -   lo0
::1                            ::1                UH          0        0  33224   lo0
::127.0.0.0/104                ::1                UGRS        0        0      -   lo0
::224.0.0.0/100                ::1                UGRS        0        0      -   lo0
::255.0.0.0/104                ::1                UGRS        0        0      -   lo0
::ffff:0.0.0.0/96              ::1                UGRS        0        0      -   lo0
2002::/24                      ::1                UGRS        0        0      -   lo0
2002:7f00::/24                 ::1                UGRS        0        0      -   lo0
2002:e000::/20                 ::1                UGRS        0        0      -   lo0
2002:ff00::/24                 ::1                UGRS        0        0      -   lo0
fe80::/10                      ::1                UGRS        0        0      -   lo0
fe80::%fxp0/64                 link#1             UC          0        0      -   fxp0
fe80::280:5fff:feb7:7a44%fxp0  00:80:5f:b7:7a:44  UHL         0        0      -   lo0
fe80::%ne3/64                  link#2             UC          0        0      -   ne3
fe80::240:caff:fe10:fcb%ne3    00:40:ca:10:0f:cb  UHL         0        0      -   lo0
fe80::%lo0/64                  fe80::1%lo0        U           0        0      -   lo0
fe80::1%lo0                    link#6             UHL         0        0      -   lo0
fec0::/10                      ::1                UGRS        0        0      -   lo0
ff01::/32                      ::1                UC          0        0      -   lo0
ff02::%fxp0/32                 link#1             UC          0        0      -   fxp0
ff02::%ne3/32                  link#2             UC          0        0      -   ne3
ff02::%lo0/32                  ::1                UC          0        0      -   lo0
#

# cat /etc/hostname.fxp0

inet 192.168.0.2 255.255.255.0 NONE
#

# cat /etc/hostname.ne3

dhcp NONE NONE NONE
#

and a dmesg for completeness' sake

# dmesg
OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 166 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
cpu0: F00F bug workaround installed
real mem  = 33136640 (32360K)
avail mem = 22138880 (21620K)
using 430 buffers containing 1761280 bytes (1720K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(6b) BIOS, date 08/14/97, BIOS32 rev. 0 @ 0xfaf80
apm0 at bios0: Power Management spec V1.2
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xb434
pcibios0: PCI BIOS has 4 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 10 11 12
pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C586 ISA" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "VIA VT82C1595 PCI" rev 0x04
pcib0 at pci0 dev 7 function 0 "VIA VT82C586 ISA" rev 0x27
pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA33, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <ST31722A>
wd0: 16-sector PIO, LBA, 1625MB, 3329424 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <TOSHIBA, CD-ROM XM-2402B, 2906> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 3, DMA mode 1
uhci0 at pci0 dev 7 function 2 "VIA VT83C572 USB" rev 0x02: irq 12
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
fxp0 at pci0 dev 8 function 0 "Intel 8255x" rev 0x05, i82558: irq 11, address 00:80:5f:b7:7a:44
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
ne3 at pci0 dev 17 function 0 "Realtek 8029" rev 0x00: irq 10, address 00:40:ca:10:0f:cb
vga1 at pci0 dev 18 function 0 "S3 ViRGE" rev 0x06
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask f3fd netmask fffd ttymask ffff
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
#
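
An added example, not part of the original post: a simplified Python model of how the posted rdr rules treat the reply to a TCP connection opened on the router itself. It assumes OpenBSD 3.9 pf behaviour (state lookup happens before rdr evaluation, and a state entry exists only when a translation rule or a "keep state" filter rule created it); the function names and the web server address are constructed for illustration.

```python
# Simplified model of pf handling an inbound TCP packet on $red_if:
# state lookup first, then the rdr rules in order (first match wins).
# Assumption: OpenBSD 3.9, where a connection gets a state entry only via
# a translation rule or an explicit "keep state" filter rule.
DMZ_HOST = "192.168.0.102"             # dmz_host from the posted pf.conf
ROUTER_WAN = "81.164.133.29"           # ne3 address, from the routing table
LOCAL_SERVICES = {2222, 8080}          # local_public_services
DMZ_PORTS = range(1024, 65536)         # dmz_ports (1024:65535)

def outbound_from_router(states, sport, dst, dport, keep_state):
    """Connection opened on the router. The posted nat rule only matches
    $green_if:network, so state exists only if a filter rule keeps it."""
    if keep_state:
        states.add((dst, dport, ROUTER_WAN, sport))

def inbound_on_red(states, src, sport, dport):
    """Return where a TCP packet arriving on $red_if is delivered."""
    if (src, sport, ROUTER_WAN, dport) in states:
        return "router (matched state)"
    if dport in LOCAL_SERVICES:        # first rdr rule
        return "127.0.0.1 (rdr local services)"
    if dport in DMZ_PORTS:             # second rdr rule
        return DMZ_HOST + " (rdr dmz)"
    return "router (no rdr match)"

def reply_destination(keep_state, sport=49152):
    """Follow the SYN/ACK of an HTTP request made on the router itself."""
    states = set()
    server = "198.51.100.10"           # constructed example web server
    outbound_from_router(states, sport, server, 80, keep_state)
    return inbound_on_red(states, server, 80, sport)

if __name__ == "__main__":
    print("no state:  ", reply_destination(keep_state=False))
    print("keep state:", reply_destination(keep_state=True))
```

In this model the reply to the router's ephemeral source port falls in `dmz_ports` and is redirected to the DMZ host unless a state entry exists; in pf.conf terms the second case corresponds to a filter rule such as `pass out on $red_if proto tcp all keep state` (an assumption, not a rule from the post).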
