Hi Neal,
On Sun, Dec 14, 2008 at 10:15:30AM -0600, Neal Hogan wrote:
| Hello,
|
| First, *sh /etc/netstart em0* (as root) looks as though it works . . . it
| says that the address is renewed and *ifconfig* output says that em0 is UP,
| RUNNING and active. Yet, I cannot get beyond my router. That is, I can log
| into my router but can't browse the web or log into another machine beyond
| my router.

This sounds like an issue with your default gateway. What's in your
/etc/hostname.* and /etc/mygate ? Why are you running `sh
/etc/netstart em0` on a working system ? Was there an issue before that
you were trying to fix ? If so, what issue (this may be related to the
problem you're seeing after the netstart of em0). At least show us
your routing table (netstat -rnf inet) after running netstart em0
(I'm betting these two bytes ('**') on a missing default gateway).

| Second, I've recently started to learn pf and setting up a server. As I say
| above, I can log into my router and have recently opened ports 22 and 80 on
| its firewall to allow such traffic to my oBSD box. I have another machine
| running XP with a wifi connection to the same router. However, sometimes the
| wifi connection gets messed up . . . the default gateway gets incorrectly
| assigned. The way to re-establish the wifi connection (i.e., get a correct
| default gateway) is to disconnect my oBSD box from the router and *repair*
| the wifi connection on the XP box.

Wait .. is your router running OpenBSD too ? I'm not quite sure how
you've set things up. Is your oBSD box running a DHCP server, by any
chance ?

| Now, when I plug the ethernet back into the oBSD box and *sh /etc/netstart
| em0* I have the first problem above. When I reboot the machine the
| connection works fine and my wifi is fine. (It seems that the wifi needs to
| be connected before em0 is connected. If em0 is established before the wifi
| we get the second problem.)
|
| Note that my IP addresses are dynamically assigned and I've recently set up
| an account with dyndns.com and installed/enabled ddclient. Below are my
| dmesg, ifconfig output, and pf.conf (it's a temporary configuration, to work
| things out).

Who does this dynamic assigning of IP addresses ? And what addresses
are assigned ?

I'm sorry, I may be too sleepy, but your description is a bit too
vague and missing some important bits of info. From your description I
gather that your OpenBSD machine is running a DHCP server that gives
the Windows XP machine a not-so-useful default gateway.

Cheers,

Paul 'WEiRD' de Weerd

| What do you think?
|
| Thanks in advance!
|
| OpenBSD 4.4-current (GENERIC) #1955: Fri Dec 12 23:37:32 MST 2008
| [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
| real mem = 2058493952 (1963MB)
| avail mem = 1998495744 (1905MB)
| mainbus0 at root
| bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
| bios0: vendor LENOVO version "7UET43WW (1.13 )" date 08/19/2008
| bios0: LENOVO 7417CTO
| acpi0 at bios0: rev 2
| acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
| TCPA SSDT SSDT SSDT
| acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4)
| EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3)
| USB2(S3) USB3(S3) USB4(S3) USB5(S3) EHC0(S3) EHC1(S3) HDEF(S4)
| acpitimer0 at acpi0: 3579545 Hz, 24 bits
| acpihpet0 at acpi0: 14318179 Hz
| acpiprt0 at acpi0: bus 0 (PCI0)
| acpiprt1 at acpi0: bus -1 (AGP_)
| acpiprt2 at acpi0: bus 2 (EXP0)
| acpiprt3 at acpi0: bus 3 (EXP1)
| acpiprt4 at acpi0: bus -1 (EXP2)
| acpiprt5 at acpi0: bus 5 (EXP3)
| acpiprt6 at acpi0: bus 13 (EXP4)
| acpiprt7 at acpi0: bus 21 (PCI1)
| acpiec0 at acpi0
| acpicpu0 at acpi0: C3, C2, C1, PSS
| acpitz0 at acpi0: critical temperature 127 degC
| acpitz1 at acpi0: critical temperature 100 degC
| acpibtn0 at acpi0: LID_
| acpibtn1 at acpi0: SLPB
| acpibat0 at acpi0: BAT0 model "42T5225" serial 3388 type LION oem "Panasonic"
| acpibat1 at acpi0: BAT1 not present
| acpiac0 at acpi0: AC unit online
| acpithinkpad0 at acpi0
| acpidock at acpi0 not configured
| acpivideo at acpi0 not configured
| acpivideo at acpi0 not configured
| cpu0 at mainbus0: (uniprocessor)
| cpu0: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.29 MHz
| cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
| cpu0: 3MB 64b/line 8-way L2 cache
| cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2401, 2400, 1600, 800 MHz
| pci0 at mainbus0 bus 0: configuration mode 1
| pchb0 at pci0 dev 0 function 0 "Intel GM45 Host" rev 0x07
| vga1 at pci0 dev 2 function 0 "Intel GM45 Video" rev 0x07
| wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
| wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
| intagp at vga1 not configured
| inteldrm0 at vga1: irq 11
| drm0 at inteldrm0: couldn't find agp
| "Intel GM45 Video" rev 0x07 at pci0 dev 2 function 1 not configured
| "Intel GM45 HECI" rev 0x07 at pci0 dev 3 function 0 not configured
| em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M AMT" rev 0x03: irq 11,
| address 00:1e:37:d9:cc:ed
| uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: irq 11
| uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: irq 11
| uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x03: irq 11
| ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x03: irq 11
| usb0 at ehci0: USB revision 2.0
| uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
| azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x03: irq 11
| azalia0: codecs: Conexant CX20561
| audio0 at azalia0
| ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x03: irq 11
| pci1 at ppb0 bus 2
| ppb1 at pci0 dev 28 function 1 "Intel 82801I PCIE" rev 0x03: irq 11
| pci2 at ppb1 bus 3
| ath0 at pci2 dev 0 function 0 "Atheros AR5424" rev 0x01: irq 11
| ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR02W, address 00:22:69:86:96:77
| ppb2 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x03: irq 11
| pci3 at ppb2 bus 5
| ppb3 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x03: irq 11
| pci4 at ppb3 bus 13
| uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x03: irq 11
| uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x03: irq 11
| uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x03: irq 11
| ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x03: irq 11
| usb1 at ehci1: USB revision 2.0
| uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
| ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x93
| pci5 at ppb4 bus 21
| cbb0 at pci5 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xba: irq 11
| "Ricoh 5C832 Firewire" rev 0x04 at pci5 dev 0 function 1 not configured
| cardslot0 at cbb0 slot 0 flags 0
| cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0
| pcmcia0 at cardslot0
| pcib0 at pci0 dev 31 function 0 "Intel 82801IEM LPC" rev 0x03
| ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x03: irq 11, AHCI 1.2
| scsibus0 at ahci0: 32 targets, initiator 32
| sd0 at scsibus0 targ 0 lun 0: <ATA, HITACHI HTS72201, DCDZ> SCSI3 0/direct fixed
| sd0: 152627MB, 512 bytes/sec, 312581808 sec total
| cd0 at scsibus0 targ 1 lun 0: <HL-DT-ST, RW/DVD MU10N, 1.05> ATAPI
| 5/cdrom removable
| ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x03: irq 11
| iic0 at ichiic0
| usb2 at uhci0: USB revision 1.0
| uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| usb3 at uhci1: USB revision 1.0
| uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| usb4 at uhci2: USB revision 1.0
| uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| usb5 at uhci3: USB revision 1.0
| uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| usb6 at uhci4: USB revision 1.0
| uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| usb7 at uhci5: USB revision 1.0
| uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| isa0 at pcib0
| isadma0 at isa0
| pckbc0 at isa0 port 0x60/5
| pckbd0 at pckbc0 (kbd slot)
| pckbc0: using irq 1 for kbd slot
| wskbd0 at pckbd0: console keyboard, using wsdisplay0
| pms0 at pckbc0 (aux slot)
| pckbc0: using irq 12 for aux slot
| wsmouse0 at pms0 mux 0
| pcppi0 at isa0 port 0x61
| midi0 at pcppi0: <PC speaker>
| spkr0 at pcppi0
| aps0 at isa0 port 0x1600/31
| mtrr: Pentium Pro MTRR support
| softraid0 at root
| root on sd0a swap on sd0b dump on sd0b
|
|
| lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
| priority: 0
| groups: lo
| inet 127.0.0.1 netmask 0xff000000
| inet6 ::1 prefixlen 128
| inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
| em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
| lladdr 00:1e:37:d9:cc:ed
| priority: 0
| groups: egress
| media: Ethernet autoselect (100baseTX full-duplex)
| status: active
| inet6 fe80::21e:37ff:fed9:cced%em0 prefixlen 64 scopeid 0x1
| inet 192.168.1.65 netmask 0xffffff00 broadcast 192.168.1.255
| ath0: flags=8822<BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST> mtu 1500
| lladdr 00:22:69:86:96:77
| priority: 0
| groups: wlan
| media: IEEE802.11 autoselect
| status: no network
| ieee80211: nwid ""
| enc0: flags=0<> mtu 1536
| priority: 0
| pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33160
| priority: 0
| groups: pflog
|
| # $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04:08 reyk Exp $
| #
| # See pf.conf(5) for syntax and examples.
| # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
| # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
| #########################################################################
| ############################# MACROS ##############################
| #########################################################################
|
| ext_if="em0"
| #int_if="int0"
| #wifi_if="ath0"
|
| #dyn_dns="99.135.171.64" # DynDNS IP (i.e., external IP)
| #int_ip="192.168.1.0/24" # Internal IP
|
| #tcp_services="22" # 22 = ssh port
| #icmp_types="echoreq"
|
| #########################################################################
| ########################### runtime options #############################
| #########################################################################
|
| #set block-policy drop
|
| #set loginterface $ext_if # log all on ext_if
|
| set skip on lo
|
| #scrub in all no-df random-id fragment reassemble
| ######################################
| # Options: *no-df* clears the *don't fragment* bit that
| # some packets have attached to them. Without
| # this option those packets will be dropped.
| # *random-id* works with the above option to
| # assign *no-df packets* with a random id.
| # *fragment reassemble* assembles packet fragments
| # before being filtered.
| #######################################
|
| #########################################################################
| ############################ NAT rules ##################################
| #########################################################################
|
| #nat on $ext_if from $int_ip to any -> $dyn_dns
| #nat on $ext_if from $dyn_dns to any -> $int_ip
| ############################################
| # This rule translates the dynamic internal address
| # to the set (DynDNS) IP address
| ############################################
|
| #########################################################################
| ############################ filter rules ###############################
| #########################################################################
|
| #block in # default block all
| #pass out keep state # allow all stuff out
|
| #antispoof log quick for {lo $wifi_if $ext_if} # get rid of bad stuff
|
| #pass in on $ext_if inet proto tcp from any to ($ext_if) \
| # port ssh
|
| #pass in inet proto icmp all icmp_type $icmp_types keep state
|
| pass quick from any to any
|
| --
| www.nealhogan.net
|
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
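
The routing-table check suggested in the reply above, as an added example that is not part of either poster's message: it reads `netstat -rnf inet` output and reports whether a default route exists and whether its gateway lies on the interface's subnet. The function names and the sample tables (including both gateway addresses) are constructed for illustration; `em0`, `192.168.1.65` and `0xffffff00` come from the quoted ifconfig output.

```shell
#!/bin/sh
# Added example. Sample tables are constructed; gateway addresses are made up.

# Print "<gateway> <iface>" of the IPv4 default route read from
# `netstat -rnf inet` output on stdin; exit status 1 if there is none.
default_route() {
    awk '$1 == "default" { print $2, $NF; found = 1; exit }
         END { exit !found }'
}

# Dotted quad -> integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# check_gateway <own-ip> <hex-netmask>   (routing table on stdin)
# 0 = default gateway present and on-link, 1 = missing, 2 = off-subnet.
check_gateway() {
    route=$(default_route) || { echo "no default route"; return 1; }
    gw=${route% *}
    mask=$(( $2 ))
    if [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$gw") & mask )) ]; then
        echo "ok: default via $route"
    else
        echo "default gateway $gw is outside the local subnet"
        return 2
    fi
}

HEADER='Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface'
LOCAL='192.168.1/24       link#1             UC         1        0     -     4 em0'
GOOD_TABLE="$HEADER
default            192.168.1.254      UGS        3     1234     -     8 em0
$LOCAL"
NO_DEFAULT_TABLE="$HEADER
$LOCAL"
OFFLINK_TABLE="$HEADER
default            10.0.0.1           UGS        0        0     -     8 em0
$LOCAL"

for t in "$GOOD_TABLE" "$NO_DEFAULT_TABLE" "$OFFLINK_TABLE"; do
    printf '%s\n' "$t" | check_gateway 192.168.1.65 0xffffff00 || true
done
```

On the machine itself the table would come from `netstat -rnf inet | check_gateway 192.168.1.65 0xffffff00`, run right after `sh /etc/netstart em0`.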