Bray Mailloux wrote:
Hello;
I'm experiencing some network trouble. Two problems exist and they are
as thus: My DNS server, which has the IP 192.168.1.2, which is
translated through my router to 64.142.102.10, cannot connect to the
internet. And, whenever PuTTY attempts to remote control the server,
the login process is very slow between inputting the user name then
password.
My gut tells me the problems may be related.
My pf rules on my router are as such:
# $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
#Macros
ext_ip="64.142.102.8"
local_int_ip="192.168.0.1"
local_int_block="192.168.0.0/24"
dmz_ip="192.168.1.1"
dmz_block="{ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 }"
dmz_www_ip="64.142.102.9"
local_www_ip="192.168.1.4"
#DNS Server
dmz_scarlett_ip="64.142.102.10"
dmz_shelly_ip="64.142.102.11"
local_scarlett_ip="192.168.1.2"
local_shelly_ip="192.168.1.3"
dmz_qmail_ip="64.142.102.12"
local_qmail_ip="192.168.1.4"
tcp_services= "( ssh, smtp, domain, www, pop3 )"
udp_services= "( domain )"
#normalizing
#scrub in all
#NAT and Binat
nat on rl0 from $local_int_block to any -> $ext_ip
binat on rl0 from $local_www_ip to any -> $dmz_www_ip
binat on rl0 from $local_scarlett_ip to any -> $dmz_scarlett_ip
binat on rl0 from $local_shelly_ip to any -> $dmz_shelly_ip
binat on rl0 from $local_qmail_ip to any -> $dmz_qmail_ip
#Default block policy
#block all
#Anti-spoofing
#block in quick from urpf-failed
#Traffic passing through
pass in all
pass out all
#External interfaces
#pass in on rl0 inet proto { tcp, udp } all modulate state
#pass out on rl0 proto { tcp, udp, icmp } all modulate state
The block and external interface rules are commented for
troubleshooting operations as I've been working with this problem to
try and resolve it.
DNS resolution does seem probably, neither DNS computers nor my WWW
computer can ping their respective name servers, but the ssh connection
that exists between my computer and the servers is still shaky besides
the long response time. For instance, the servers sometimes unexpectedly
close the connections. Do you have any other ideas?