JR Dalrymple wrote:
> List,
> 
> Forgive me, I'm only smart enough to get myself into trouble unfortunately.
> 
> My PF edge router has been cruising along for some time now (years) without problems, doing just as I ask of it. For some reason today it decided to stop serving webpages from my internal webserver. NOTHING changed anywhere to the best of my knowledge.

BAD attitude.
You don't solve problems that way.

SOMETHING CHANGED. Things worked, now they don't. Thus, SOMETHING CHANGED. As long as you say "NOTHING CHANGED", you will have difficulty finding the problem, as you have eliminated the reality of the situation from consideration.

Accept that something changed...now find it and fix it.

> I'm the only user on all of the servers in question, so if something did change then I was "haxored".

> The only thing that has broken apparently is inbound webpage redirects. I'm still getting my E-mail, I'm still browsing the Internet, and that's about all that I care about.

> I tcpdumped each step. You can see it coming in on the pppoe0, going through pflog0 and then out on the internal NIC xl0, but the webserver doesn't see it coming in on its NIC fxp0. What's really weird is that if I change my pf.conf to redirect to a different host it works. Also if I try to look at webpages on the main webserver from the PF router (or anywhere else on the internal LAN) they serve up fine. It's only when PF has to redirect the pages to THAT SPECIFIC HOST that it falls apart.

If you shut down the non-functioning web server, and place another webserver in its place at the same IP address, do things work or not? That tells you easily if it is the firewall or the webserver.

> I will repeat that using different words so as to not confuse anyone: logged into the edge router in question, "lynx internal_webserver" works just fine, but from the outside world browsing to "jrssite.com" or even my public IP does not work (see for yourself). If I change my "rdr" rule to a different IP (all of my internal stuff is IP based, no internal DNS) with apache running it works fine, inside or outside.

> Can anyone make sense of why this would happen knowing that my pf rules didn't change from the time that it did work to the time it didn't? Give me any sort of direction to head before I have to rebuild my webserver?

One easy explanation could be your webserver's gateway address changed. Result would be you can talk inside, but you can't talk through the gateway (your PF firewall machine). What caused that problem could be a number of things...accidental file deletion, incorrect switch from DHCP to static IP pop quickly into mind.

One sadly common reason for such problems is many people rebel against the Windows Way of "you moved your mouse, you need to reboot now", and they make massive (or tiny!) reconfigurations of their systems, "activate" them, and assume things will "just work" on a reboot. Then months later, they reboot the machine (or a power flick does it for them), things don't work, and they run around saying, "NOTHING CHANGED! NOTHING CHANGED!!" Sure they did, two things, in fact: 1) you changed the config (improperly). 2) you finally rebooted the machine which exposed the error. But of course, several months later, you don't recall what the change was...or that it even happened.

> If you need my pf.conf or any pfctl outputs etc, just suggest so, but I really don't think they affect this problem considering the symptoms and my current diagnostic steps. I don't want to go through and anonymize them if I don't have to.

Well, you should have enough above to convincingly decide if it is firewall or the webserver. Hopefully from there, you can figure out what the problem is.

Nick.
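A small diagnostic script added here to go with the thread; it is not the poster's or Nick's code. It checks the "gateway changed" hypothesis from the reply against `netstat -rn` output and lists the hop-by-hop captures the poster described. WEB_IP and ROUTER_LAN_IP are placeholders; the interface names are the ones from the post.

```sh
#!/bin/sh
# Added helper for this thread (not the poster's or Nick's code). Placeholders:
# WEB_IP is the internal web server, ROUTER_LAN_IP the PF box's address on xl0.
# Interface names pppoe0/pflog0/xl0/fxp0 are the ones named in the post.
WEB_IP="${WEB_IP:-192.0.2.10}"
ROUTER_LAN_IP="${ROUTER_LAN_IP:-192.0.2.1}"

# Print the default gateway from `netstat -rn` output read on stdin.
# Accepts both the "default" and "0.0.0.0" spellings; prints nothing if absent.
gateway_from_routing_table() {
    awk '$1 == "default" || $1 == "0.0.0.0" { print $2; exit }'
}

# Nick's hypothesis: the web server's gateway changed, so it can answer LAN
# clients but its replies to Internet clients never go back through pf.
# Reads `netstat -rn` on stdin; returns 0 only if the default route is the PF router.
check_web_server_gateway() {
    gw=$(gateway_from_routing_table)
    if [ "$gw" = "$ROUTER_LAN_IP" ]; then
        echo "default gateway $gw is the PF router: OK"
        return 0
    fi
    echo "default gateway is '${gw:-none}', expected $ROUTER_LAN_IP" >&2
    return 1
}

# The hop-by-hop captures from the post, one command per hop. -e prints the
# Ethernet header: if a frame leaves xl0 but never shows up on fxp0, comparing
# its destination MAC with fxp0's own MAC is the next thing to look at.
print_capture_plan() {
    cat <<EOF
router : tcpdump -n -i pppoe0 tcp port 80                  # arriving from the Internet
router : tcpdump -n -e -ttt -i pflog0 host $WEB_IP          # what pf logged (rules with 'log')
router : tcpdump -n -e -i xl0 host $WEB_IP and tcp port 80  # leaving the LAN interface
server : tcpdump -n -e -i fxp0 tcp port 80                  # should mirror the xl0 capture
EOF
}

# Usage on the web server: ./rdrcheck.sh gateway   ; on either box: ./rdrcheck.sh plan
case "$1" in
    gateway) netstat -rn | check_web_server_gateway ;;
    plan)    print_capture_plan ;;
esac
```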
