I'm re-adding misc@, maybe this can help someone searching the
archives some day (there seems to be no private information in your
mail, hope you don't mind).
| > This sounds like an issue with your default gateway. What's in your
| > /etc/hostname.* and /etc/mygate ? Why are you running `sh
| > /etc/netstart em0` on a working system ? Was there an issue before you
| > were trying to fix ? If so, what issue (this may be related to the
| > problem you're seeing after the netstart of em0). At least show us
| > your routing table (netstat -rnf inet) after running netstart em0
| > (I'm betting these two bytes ('**') on a missing default gateway).
| >
There's a couple of options.
a) your router (probably also your DHCP server) is broken (or
configured in strange and interesting ways)
b) there's a rogue DHCP server on your network (you have wireless,
connected right ? Is that properly secured ? Maybe your neighbour
is running a DHCP server)
c) you think you're not, but you're still running a DHCP server on
your machine (explains the issues with XP working when openbsd is
disconnected)
d) something else is wrong (catch-all ;)
In any case, try to tcpdump a bit on your em0 interface :
sudo tcpdump -nepvvs 1500 -i em0 port 67
You should see DHCP requests and offers pass by while you're
netstarting em0. Look at the MAC address of the machine that sends you
an offer. Is this the MAC address of a machine you know ? Your
router ? Some forgotten machine ? ;)
In the netstat output you sent, the default gateway changes from
192.168.1.254 to 192.168.1.1 after you netstart em0. If .254 is the
correct gateway you should be using, it is no wonder things break
afterwards.
Having two DHCP servers on one broadcast domain is asking for trouble
unless a) you know what you're doing and/or b) the servers are "in
sync" somehow. It looks like you have two DHCP servers and do not fall
in either category ;)
| In my *hostname.em0*: dhcp NONE NONE NONE
| I have no */etc/mygate*
|
| The only reason that I *sh /etc/netstart*ed was because after reconnecting
| the oBSD box to the router, I didn't have web access.
So, it didn't work .. you tried netstart em0 and the result is that it
still doesn't work ? Does not seem like much has changed.
| Below are my routing tables (before and after), which shows that *sh
| /etc/netstart* is assigning the wrong gateway.
Actually, it is not netstart assigning the wrong gateway. This is done
by dhclient, the DHCP client program which requests a DHCP LEASE from
the network and installs the lease + the route it learns from the DHCP
OFFER some DHCP server sends it.
| before sh /etc/netstart . . .
|
| Routing tables
|
| Internet:
| Destination Gateway Flags Refs Use Mtu Prio Iface
| default 192.168.1.254 UGS 8 4046 - 8 em0
| 127/8 127.0.0.1 UGRS 0 0 33160 8 lo0
| 127.0.0.1 127.0.0.1 UH 2 57 33160 4 lo0
| 192.168.1/24 link#1 UC 1 0 - 4 em0
| 192.168.1.65 127.0.0.1 UGHS 0 0 33160 8 lo0
| 192.168.1.254 00:1f:b3:31:b4:c1 UHLc 1 354 - 4 em0
| 224/4 127.0.0.1 URS 0 0 33160 8 lo0
|
|
| after sh /etc/netstart . . .
|
| Routing tables
|
| Internet:
| Destination Gateway Flags Refs Use Mtu Prio Iface
| default 192.168.1.1 UGS 2 33 - 8 em0
| 127/8 127.0.0.1 UGRS 0 0 33160 8 lo0
| 127.0.0.1 127.0.0.1 UH 2 57 33160 4 lo0
| 192.168.1/24 link#1 UC 3 0 - 4 em0
| 192.168.1.1 link#1 UHLc 1 0 - 4 em0
| 192.168.1.3 link#1 UHLc 1 4 - 4 em0
| 192.168.1.5 link#1 UHLc 0 3 - 4 em0
| 192.168.1.65 127.0.0.1 UGHS 0 0 33160 8 lo0
| 224/4 127.0.0.1 URS 0 0 33160 8 lo0
|
|
|
| >
| > | Second, I've recently started to learn pf and setting up a server. As I say
| > | above, I can log into my router and have recently opened ports 22 and 80 on
| > | its firewall to allow such traffic to my oBSD box. I have another machine
| > | running XP with a wifi connection to the same router. However, sometimes the
| > | wifi connection gets messed up . . . the default gateway gets incorrectly
| > | assigned. The way to re-establish the wifi connection (i.e., get a correct
| > | default gateway) is to disconnect my oBSD box from the router and *repair*
| > | the wifi connection on the XP box.
| >
| > Wait .. is your router running OpenBSD too ? I'm not quite sure how
| > you've set things up. Is your oBSD box running a DHCP server, by any
| > chance ?
|
|
| My router is running its default/outta-the-box OS (it's a 2WIRE that I got
| from my ISP (AT&T) who, by the way, assigns my (dynamic) IP's).
|
| My box is not running a DHCP server (i.e., rc.conf . . . DHCPD = NO).
Please verify this by running `ps wwwaux | grep dhcpd`
Cheers,
Paul 'WEiRD' de Weerd
| > | Now, when I plug the ethernet back into the oBSD box and *sh /etc/netstart
| > | em0* I have the first problem above. When I reboot the machine the
| > | connection works fine and my wifi is fine. (It seems that the wifi needs to
| > | be connected before em0 is connected. If em0 is established before the wifi
| > | we get the second problem.)
| > |
| > | Note that my IP addresses are dynamically assigned and I've recently set up
| > | an account with dyndns.com and installed/enabled ddclient. Below are my
| > | dmesg, ifconfig output, and pf.conf (it's a temporary configuration, to work
| > | things out).
| >
| > Who does this dynamic assigning of IP addresses ? And what addresses
| > are assigned ?
|
|
| DynDNS.com is a service that manages my IPs to a single domain name.
|
| >
| > I'm sorry, I may be too sleepy, but your description is a bit too
| > vague and missing some important bits of info. From your description I
| > gather that your OpenBSD machine is running a DHCP server that gives
| > the Windows XP machine a not-so-useful default gateway.
|
|
| Again, thanks for your help.
|
| >
| >
| > Cheers,
| >
| > Paul 'WEiRD' de Weerd
| >
| > | What do you think?
| > |
| > | Thanks in advance!
| > |
| > | OpenBSD 4.4-current (GENERIC) #1955: Fri Dec 12 23:37:32 MST 2008
| > | [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
| > | real mem = 2058493952 (1963MB)
| > | avail mem = 1998495744 (1905MB)
| > | mainbus0 at root
| > | bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
| > | bios0: vendor LENOVO version "7UET43WW (1.13 )" date 08/19/2008
| > | bios0: LENOVO 7417CTO
| > | acpi0 at bios0: rev 2
| > | acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
| > | TCPA SSDT SSDT SSDT
| > | acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4)
| > | EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3)
| > | USB2(S3) USB3(S3) USB4(S3) USB5(S3) EHC0(S3) EHC1(S3) HDEF(S4)
| > | acpitimer0 at acpi0: 3579545 Hz, 24 bits
| > | acpihpet0 at acpi0: 14318179 Hz
| > | acpiprt0 at acpi0: bus 0 (PCI0)
| > | acpiprt1 at acpi0: bus -1 (AGP_)
| > | acpiprt2 at acpi0: bus 2 (EXP0)
| > | acpiprt3 at acpi0: bus 3 (EXP1)
| > | acpiprt4 at acpi0: bus -1 (EXP2)
| > | acpiprt5 at acpi0: bus 5 (EXP3)
| > | acpiprt6 at acpi0: bus 13 (EXP4)
| > | acpiprt7 at acpi0: bus 21 (PCI1)
| > | acpiec0 at acpi0
| > | acpicpu0 at acpi0: C3, C2, C1, PSS
| > | acpitz0 at acpi0: critical temperature 127 degC
| > | acpitz1 at acpi0: critical temperature 100 degC
| > | acpibtn0 at acpi0: LID_
| > | acpibtn1 at acpi0: SLPB
| > | acpibat0 at acpi0: BAT0 model "42T5225" serial 3388 type LION oem "Panasonic"
| > | acpibat1 at acpi0: BAT1 not present
| > | acpiac0 at acpi0: AC unit online
| > | acpithinkpad0 at acpi0
| > | acpidock at acpi0 not configured
| > | acpivideo at acpi0 not configured
| > | acpivideo at acpi0 not configured
| > | cpu0 at mainbus0: (uniprocessor)
| > | cpu0: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.29 MHz
| > | cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
| > | cpu0: 3MB 64b/line 8-way L2 cache
| > | cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2401, 2400, 1600, 800 MHz
| > | pci0 at mainbus0 bus 0: configuration mode 1
| > | pchb0 at pci0 dev 0 function 0 "Intel GM45 Host" rev 0x07
| > | vga1 at pci0 dev 2 function 0 "Intel GM45 Video" rev 0x07
| > | wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
| > | wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
| > | intagp at vga1 not configured
| > | inteldrm0 at vga1: irq 11
| > | drm0 at inteldrm0: couldn't find agp
| > | "Intel GM45 Video" rev 0x07 at pci0 dev 2 function 1 not configured
| > | "Intel GM45 HECI" rev 0x07 at pci0 dev 3 function 0 not configured
| > | em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M AMT" rev 0x03: irq 11,
| > | address 00:1e:37:d9:cc:ed
| > | uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: irq 11
| > | uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: irq 11
| > | uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x03: irq 11
| > | ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x03: irq 11
| > | usb0 at ehci0: USB revision 2.0
| > | uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
| > | azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x03: irq 11
| > | azalia0: codecs: Conexant CX20561
| > | audio0 at azalia0
| > | ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x03: irq 11
| > | pci1 at ppb0 bus 2
| > | ppb1 at pci0 dev 28 function 1 "Intel 82801I PCIE" rev 0x03: irq 11
| > | pci2 at ppb1 bus 3
| > | ath0 at pci2 dev 0 function 0 "Atheros AR5424" rev 0x01: irq 11
| > | ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR02W, address 00:22:69:86:96:77
| > | ppb2 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x03: irq 11
| > | pci3 at ppb2 bus 5
| > | ppb3 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x03: irq 11
| > | pci4 at ppb3 bus 13
| > | uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x03: irq 11
| > | uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x03: irq 11
| > | uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x03: irq 11
| > | ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x03: irq 11
| > | usb1 at ehci1: USB revision 2.0
| > | uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
| > | ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x93
| > | pci5 at ppb4 bus 21
| > | cbb0 at pci5 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xba: irq 11
| > | "Ricoh 5C832 Firewire" rev 0x04 at pci5 dev 0 function 1 not configured
| > | cardslot0 at cbb0 slot 0 flags 0
| > | cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0
| > | pcmcia0 at cardslot0
| > | pcib0 at pci0 dev 31 function 0 "Intel 82801IEM LPC" rev 0x03
| > | ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x03: irq 11, AHCI 1.2
| > | scsibus0 at ahci0: 32 targets, initiator 32
| > | sd0 at scsibus0 targ 0 lun 0: <ATA, HITACHI HTS72201, DCDZ> SCSI3 0/direct fixed
| > | sd0: 152627MB, 512 bytes/sec, 312581808 sec total
| > | cd0 at scsibus0 targ 1 lun 0: <HL-DT-ST, RW/DVD MU10N, 1.05> ATAPI
| > | 5/cdrom removable
| > | ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x03: irq 11
| > | iic0 at ichiic0
| > | usb2 at uhci0: USB revision 1.0
| > | uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| > | usb3 at uhci1: USB revision 1.0
| > | uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| > | usb4 at uhci2: USB revision 1.0
| > | uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| > | usb5 at uhci3: USB revision 1.0
| > | uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| > | usb6 at uhci4: USB revision 1.0
| > | uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| > | usb7 at uhci5: USB revision 1.0
| > | uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
| > | isa0 at pcib0
| > | isadma0 at isa0
| > | pckbc0 at isa0 port 0x60/5
| > | pckbd0 at pckbc0 (kbd slot)
| > | pckbc0: using irq 1 for kbd slot
| > | wskbd0 at pckbd0: console keyboard, using wsdisplay0
| > | pms0 at pckbc0 (aux slot)
| > | pckbc0: using irq 12 for aux slot
| > | wsmouse0 at pms0 mux 0
| > | pcppi0 at isa0 port 0x61
| > | midi0 at pcppi0: <PC speaker>
| > | spkr0 at pcppi0
| > | aps0 at isa0 port 0x1600/31
| > | mtrr: Pentium Pro MTRR support
| > | softraid0 at root
| > | root on sd0a swap on sd0b dump on sd0b
| > |
| > |
| > | lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33160
| > | priority: 0
| > | groups: lo
| > | inet 127.0.0.1 netmask 0xff000000
| > | inet6 ::1 prefixlen 128
| > | inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
| > | em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
| > | lladdr 00:1e:37:d9:cc:ed
| > | priority: 0
| > | groups: egress
| > | media: Ethernet autoselect (100baseTX full-duplex)
| > | status: active
| > | inet6 fe80::21e:37ff:fed9:cced%em0 prefixlen 64 scopeid 0x1
| > | inet 192.168.1.65 netmask 0xffffff00 broadcast 192.168.1.255
| > | ath0: flags=8822<BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST> mtu 1500
| > | lladdr 00:22:69:86:96:77
| > | priority: 0
| > | groups: wlan
| > | media: IEEE802.11 autoselect
| > | status: no network
| > | ieee80211: nwid ""
| > | enc0: flags=0<> mtu 1536
| > | priority: 0
| > | pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33160
| > | priority: 0
| > | groups: pflog
| > |
| > |
| > |
| > |
| > |
| > |
| > | # $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04:08 reyk Exp $
| > | #
| > | # See pf.conf(5) for syntax and examples.
| > | # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
| > | # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
| > | #########################################################################
| > | ############################# MACROS ##############################
| > | #########################################################################
| > |
| > | ext_if="em0"
| > | #int_if="int0"
| > | #wifi_if="ath0"
| > |
| > | #dyn_dns="99.135.171.64" # DynDNS IP (i.e., external IP)
| > | #int_ip="192.168.1.0/24" # Internal IP
| > |
| > | #tcp_services="22" # 22 = ssh port
| > | #icmp_types="echoreq"
| > |
| > | #########################################################################
| > | ########################### runtime options #############################
| > | #########################################################################
| > |
| > | #set block-policy drop
| > |
| > | #set loginterface $ext_if # log all on ext_if
| > |
| > | set skip on lo
| > |
| > | #scrub in all no-df random-id fragment reassemble
| > | ######################################
| > | # Options: *no-df* clears the *don't fragment* bit that
| > | # some packets have attached to them. Without
| > | # this option those packets will be dropped.
| > | # *random-id* works with the above option to
| > | # assign *no-df packets* with a random id.
| > | # *fragment reassemble* assembles packet fragments
| > | # before being filtered.
| > | #######################################
| > |
| > | #########################################################################
| > | ############################ NAT rules ##################################
| > | #########################################################################
| > |
| > | #nat on $ext_if from $int_ip to any -> $dyn_dns
| > | #nat on $ext_if from $dyn_dns to any -> $int_ip
| > | ############################################
| > | # This rule translates the dynamic internal address
| > | # to the set (DynDNS) IP address
| > | ############################################
| > |
| > | #########################################################################
| > | ############################ filter rules ###############################
| > | #########################################################################
| > |
| > | #block in # default block all
| > | #pass out keep state # allow all stuff out
| > |
| > | #antispoof log quick for {lo $wifi_if $ext_if} # get rid of bad stuff
| > |
| > | #pass in on $ext_if inet proto tcp from any to ($ext_if) \
| > | # port ssh
| > |
| > | #pass in inet proto icmp all icmp_type $icmp_types keep state
| > |
| > | pass quick from any to any
| > |
| > | --
| > | www.nealhogan.net
| > |
| >
| > --
| > >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
| > +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
| > http://www.weirdnet.nl/
| >
|
|
|
| --
| www.nealhogan.net
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
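
Added example, not part of the original thread and not OpenBSD code: a small parser for DHCP server replies (OFFER/ACK, RFC 2131/2132 layout) that groups them by source MAC and server identifier, which is the check the tcpdump step above asks you to do by eye. The function names, the second server's MAC 02:00:00:00:00:01 and the offered lease addresses are constructed for illustration; the gateways and the other MAC addresses are the ones shown in the thread.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 values that only servers send

def parse_reply(payload):
    """Return facts from a DHCP OFFER/ACK UDP payload, or None for anything else."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    info = {"yiaddr": socket.inet_ntoa(payload[16:20]), "routers": []}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                             # truncated option: distrust the packet
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:              # DHCP message type
            info["type"] = data[0]
        elif code == 54 and length == 4:            # server identifier
            info["server_id"] = socket.inet_ntoa(data)
        elif code == 3 and length % 4 == 0:         # router(s), i.e. the default gateway
            info["routers"] = [socket.inet_ntoa(data[j:j + 4]) for j in range(0, length, 4)]
        i += 2 + length
    return info if info.get("type") in (OFFER, ACK) else None

def servers_seen(frames):
    """Map (source MAC, server identifier) to the set of default routers it offers."""
    seen = {}
    for src_mac, payload in frames:
        info = parse_reply(payload)
        if info:
            seen.setdefault((src_mac, info.get("server_id")), set()).update(info["routers"])
    return seen

# Constructed sample (not a capture): two servers answering on one broadcast domain.
def build_reply(msg_type, yiaddr, server_id, router):
    fixed = (bytes([2, 1, 6, 0]) + bytes(12) + socket.inet_aton(yiaddr) + bytes(8)
             + bytes.fromhex("001e37d9cced") + bytes(202))   # 236-byte BOOTP header
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_id)
    return fixed + MAGIC + opts + bytes([3, 4]) + socket.inet_aton(router) + b"\xff"

SAMPLE = [("00:1f:b3:31:b4:c1", build_reply(OFFER, "192.168.1.65", "192.168.1.254", "192.168.1.254")),
          ("02:00:00:00:00:01", build_reply(OFFER, "192.168.1.66", "192.168.1.1", "192.168.1.1"))]

if __name__ == "__main__":
    for (mac, sid), routers in servers_seen(SAMPLE).items():
        print(f"server {sid} ({mac}) offers default route via {sorted(routers)}")
```

More than one key in the result means more than one DHCP server is answering on the segment; the parser does not handle option overload (option 52).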