1. Why so many NAT rules?
2. Is your BSD server only a home router and firewall device?
3. You should read the OpenBSD FAQ and the PF FAQ.
4. Type man afterboot from the command line.
BSD FAQ: http://www.openbsd.org/faq/index.html
PF FAQ: http://www.openbsd.org/faq/pf/index.html

After reading these, you should have a clear vision of your configuration. I hope this helps!

Jorge V

-------- Original Message --------
> Date: Mon, 5 Jan 2009 01:23:07 +0300
> From: "Sergey Khentov" <[email protected]>
> To: [email protected]
> Subject: OpenBSD on home router - error requesting several URLs
>
> Hello there,
>
> I have very little experience in OpenBSD and network configuration /
> troubleshooting, so any advice / keyword to google / etc. is welcome.
>
> Description:
>
> I have installed and configured OpenBSD 4.4-release to be used as a
> gateway to the Internet (via ADSL modem).
>
> ser...@gate:~ & uname -a
> OpenBSD gate.home.net 4.4 GENERIC#1021 i386
>
> At the moment most of the configuration work has been done: I can browse
> the Internet from my home network. But some sites are not accessible: when I
> try to open a URL my browser thinks for a long time (about 30 minutes -
> after that I stopped the URL loading) and does not show anything at
> all! But when I try to open the same URL with lynx on OpenBSD, it opens
> without any errors / delays / etc. One example of such a web site is
> battle.net. Another example is youtube.com. I have tried to open those
> from a desktop PC with Windows XP and from a Nokia N810, and the result is
> the same, so I think it is an OpenBSD configuration error. Moreover,
> traceroute from the home network to e.g. battle.net reaches some Internet
> servers. I have tried to search google and have asked this question on
> one of the *NIX-related forums and haven't got any solution to my problem.
> Well, maybe you have any ideas?
>
> Here comes the OpenBSD configuration:
>
> The PC has 4 network cards: ath0 (this is also a wireless access point),
> rl0, rl1, rl2. rl0 is connected to the home network, rl1 looks into a local
> area network (there are some common resources), rl2 is connected to the
> ADSL modem (bridge mode).
>
> ser...@gate:~ & ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
>         groups: lo
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> ath0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:1e:58:ad:74:d3
>         groups: wlan
>         media: IEEE802.11 autoselect hostap
>         status: active
>         ieee80211: nwid homenet chan 1 bssid 00:1e:58:ad:74:d3 nwkey <not displayed>
>         inet 192.168.2.254 netmask 0xffffff00 broadcast 192.168.2.255
>         inet6 fe80::21e:58ff:fead:74d3%ath0 prefixlen 64 scopeid 0x1
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:e0:4c:e9:c5:dc
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
>         inet6 fe80::2e0:4cff:fee9:c5dc%rl0 prefixlen 64 scopeid 0x2
> rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:11:6b:3f:16:02
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::211:6bff:fe3f:1602%rl1 prefixlen 64 scopeid 0x3
>         inet 10.0.55.43 netmask 0xffffff00 broadcast 10.0.55.255
> rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1400
>         lladdr 00:11:6b:96:70:48
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::211:6bff:fe96:7048%rl2 prefixlen 64 scopeid 0x4
> enc0: flags=0<> mtu 1536
> pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1392
>         dev: rl2 state: session
>         sid: 0x2d27 PADI retries: 5 PADR retries: 0 time: 09:20:19
>         sppp: phase network authproto pap
>         groups: pppoe egress
>         inet6 fe80::21e:58ff:fead:74d3%pppoe0 ->  prefixlen 64 scopeid 0x7
>         inet 78.37.41.134 --> 78.36.32.1 netmask 0xffffffff
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
>         groups: pflog
>
> ser...@gate:~ & cat /etc/pf.conf
> # comments were stripped :)
> cl_if="rl1"
> adsl_if="pppoe0"
> int_if="rl0"
> wifi_if="ath0"
>
> nets_priv = "{ 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 }"
>
> set block-policy drop
> set loginterface $adsl_if
>
> # scrub in all
>
> nat on $cl_if from $int_if:network to 10.0.11.0/24 -> ($cl_if)
> nat on $cl_if from $wifi_if:network to 10.0.11.0/24 -> ($cl_if)
> nat on $adsl_if from $int_if:network to any -> ($adsl_if)
> nat on $adsl_if from $wifi_if:network to any -> ($adsl_if)
>
> ser...@gate:~ & route show -inet
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> default            0.0.0.1            UGS        5   169770     -    48 pppoe0
> 10.0.1/24          core.drevlanka.ru  UGS        0     5799     -    48 rl1
> 10.0.10/24         core.drevlanka.ru  UGS        0        4     -    48 rl1
> 10.0.11/24         core.drevlanka.ru  UGS        0     8951     -    48 rl1
> 10.0.55/24         link#3             UC         1        0     -    48 rl1
> cerber.drevlanka.r localhost          UGHS       0        0 33204    48 lo0
> core.drevlanka.ru  00:13:21:c6:15:c7  UHLc       4      230     -    48 rl1
> ip78-36-32-1.onego ip78-37-41-134.one UH         0        0     -    48 pppoe0
> loopback           localhost          UGRS       0        0 33204    48 lo0
> localhost          localhost          UH         2        8 33204    48 lo0
> 192.168.1/24       link#2             UC         1        0     -    48 rl0
> 192.168.1.1        00:20:ed:6b:0e:77  UHLc       2    33338     -    48 rl0
> 192.168.2/24       link#1             UC         1        0     -    48 ath0
> 192.168.2.1        link#1             UHLc       2     2918     -    48 ath0
> BASE-ADDRESS.MCAST localhost          URS        0        0 33204    48 lo0
>
> I don't know if it will help, but dmesg comes below my signature.
>
> --
> BR,
> Sergey Khentov
>
> # I have removed lines 'pckbcintr: no dev for slot 1' from dmesg - they
> # repeat 432 times
> ser...@gate:~ & dmesg
> ev for slot 1
> pckbcintr: no dev for slot 1
> syncing disks... done
> rebooting...
> OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
>     [email protected]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 698 MHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
> real mem  = 267874304 (255MB)
> avail mem = 250580992 (238MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 07/20/01, BIOS32 rev. 0 @ 0xfdaf0, SMBIOS rev. 2.3 @ 0xf0600 (25 entries)
> bios0: vendor American Megatrends Inc. version "062710" date 07/15/97
> bios0: American Megatrends Inc. Uknown
> acpi0 at bios0: rev 0
> acpi0: tables DSDT FACP
> acpi0: wakeup devices ICH_(S4) PS2K(S1) UAR1(S1) USB_(S1) SLPB(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 2 (ICH_)
> acpicpu0 at acpi0: C3, C2
> acpibtn0 at acpi0: SLPB
> bios0: ROM list: 0xc0000/0x10000
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82815 Host" rev 0x04
> ppb0 at pci0 dev 1 function 0 "Intel 82815 AGP" rev 0x04
> pci1 at ppb0 bus 1
> vga1 at pci1 dev 0 function 0 "NVIDIA Vanta" rev 0x15
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> agp0 at vga1: aperture at 0xe8000000, size 0x2400000
> drm at vga1 unsupported
> ppb1 at pci0 dev 30 function 0 "Intel 82801AA Hub-to-PCI" rev 0x02
> pci2 at ppb1 bus 2
> ath0 at pci2 dev 10 function 0 "Atheros AR5212" rev 0x01: irq 9
> ath0: AR2414 7.9 phy 4.5 rf2413 5.6, ETSI4W, address 00:1e:58:ad:74:d3
> rl0 at pci2 dev 11 function 0 "Realtek 8139" rev 0x10: irq 11, address 00:e0:4c:e9:c5:dc
> rlphy0 at rl0 phy 0: RTL internal PHY
> rl1 at pci2 dev 13 function 0 "Realtek 8139" rev 0x10: irq 12, address 00:11:6b:3f:16:02
> rlphy1 at rl1 phy 0: RTL internal PHY
> rl2 at pci2 dev 15 function 0 "Realtek 8139" rev 0x10: irq 10, address 00:11:6b:96:70:48
> rlphy2 at rl2 phy 0: RTL internal PHY
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801AA LPC" rev 0x02
> pciide0 at pci0 dev 31 function 1 "Intel 82801AA IDE" rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
> wd0 at pciide0 channel 0 drive 0: <ST360021A>
> wd0: 16-sector PIO, LBA, 57241MB, 117231408 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets, initiator 7
> cd0 at scsibus0 targ 0 lun 0: <ATAPI-CD, ROM-DRIVE-52MAX, 52CA> ATAPI 5/cdrom removable
> cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
> uhci0 at pci0 dev 31 function 2 "Intel 82801AA USB" rev 0x02: irq 10
> ichiic0 at pci0 dev 31 function 3 "Intel 82801AA SMBus" rev 0x02: irq 11
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x51: 256MB SDRAM non-parity PC133CL3
> auich0 at pci0 dev 31 function 5 "Intel 82801AA AC97" rev 0x02: irq 11, ICH AC97
> ac97: codec id 0x41445360 (Analog Devices AD1885)
> ac97: codec features headphone, Analog Devices Phat Stereo
> audio0 at auich0
> isa0 at ichpcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: <PC speaker>
> spkr0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> it0 at isa0 port 0x2e/2: IT8712F rev 0x04, EC port 0x290
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
> usb0 at uhci0: USB revision 1.0
> uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> biomask ed65 netmask ff65 ttymask ffff
> mtrr: Pentium Pro MTRR support
> softraid0 at root
> root on wd0a swap on wd0b dump on wd0b
> pckbcintr: no dev for slot 1
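As an added example that is not part of either message in this thread: Jorge's first question is about the four nat rules, and the posted pf.conf also has scrub commented out and no filter rules at all. The pf.conf below is written in the OpenBSD 4.4 syntax Sergey is running (scrub/nat/pass; the match keyword only arrived in 4.7). It folds the four nat rules into two by putting both home networks in a table, and adds the two things pppoe(4) tells a PPPoE gateway to carry: packet normalisation and a TCP MSS clamp sized to the link MTU. The interface names, the 192.168.1.0/24 and 192.168.2.0/24 networks, the 10.0.11.0/24 destination and the pppoe0 MTU of 1392 are taken from Sergey's ifconfig and pf.conf; the table names, the filter policy and the max-mss value (1392 minus 40 bytes of IPv4 and TCP headers) are my assumptions, not a diagnosis the thread reached.

```pf
# Added example, not from the thread. OpenBSD 4.4 pf.conf syntax.
# Interface names, networks and the pppoe0 MTU come from Sergey's post;
# the tables, the filter policy and the max-mss value are assumptions.

cl_if   = "rl1"      # LAN with shared resources, routes to 10.0.x/24 via rl1
adsl_if = "pppoe0"   # PPPoE session carried on rl2; modem in bridge mode
int_if  = "rl0"      # wired home network, 192.168.1.0/24
wifi_if = "ath0"     # hostap wireless network, 192.168.2.0/24

# One table for both client networks replaces the duplicated per-interface
# nat rules; const keeps pfctl -t from changing it at runtime.
table <home_nets> const { 192.168.1.0/24, 192.168.2.0/24 }
# Sergey's nets_priv macro as a table, so it can be used in an egress rule.
table <nets_priv> const { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set block-policy drop
set loginterface $adsl_if
set skip on lo0

# Normalisation. The MSS clamp is the caveat pppoe(4) gives for PPPoE links:
# a TCP segment must fit the 1392-byte pppoe0 MTU, so advertise
# 1392 - 20 (IPv4) - 20 (TCP) = 1352 to both ends of every connection
# crossing the link. Without it a host that never receives the ICMP
# "fragmentation needed" reply gets a connection that opens and then stalls
# on the first full-size segment. (Assumption: 1352 follows from the MTU
# shown in Sergey's ifconfig; adjust if the MTU changes.)
scrub in all
scrub out on $adsl_if max-mss 1352

# Translation: two rules instead of four.
nat on $cl_if   from <home_nets> to 10.0.11.0/24 -> ($cl_if)
nat on $adsl_if from <home_nets> to any          -> ($adsl_if)

# Filtering (assumed policy): deny by default, never let private-address
# traffic leak out the ADSL side, and refuse spoofed sources on the client
# networks. In 4.4 a pass rule keeps state with flags S/SA by default, so
# replies to outbound traffic come back without further rules.
block log all
block out quick on $adsl_if to <nets_priv>
antispoof quick for { $int_if $wifi_if }

pass out                          # gateway and forwarded traffic, any interface
pass in on { $int_if $wifi_if }   # home clients may initiate anything
```

Syntax-check it with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -sn` and `pfctl -sr` then show the translation and filter rules that actually loaded. Note that nothing unsolicited is accepted on rl1 or pppoe0 in this policy; if the gateway must be reachable from the 10.0.55.0/24 side, add an explicit `pass in on $cl_if` rule for that service.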

