On Sun, Jan 4, 2009 at 3:23 PM, Sergey Khentov <[email protected]> wrote:
> I have very little experience in OpenBSD and network configuration /
> troubleshooting, so any advice / keyword to google / etc is welcome.
>
> Description:
>
> I have installed and configured OpenBSD 4.4-release to be used as a
> gateway to the Internet (via ADSL modem).

> At the moment most of the configuration work has been done: I can browse
> the Internet from my home network. But some sites are not accessible: when I
> try to open a URL my browser thinks for a long time (about 30 minutes -
> after that I have stopped URL loading) and does not show anything at
> all! But when I try to open the same URL with lynx on OpenBSD - it opens
> without any errors / delays / etc. One example of such a web-site -
> battle.net. The other example - youtube.com. I have tried to open those
> from a Desktop PC with Windows XP and from a Nokia N810, and the result is
> the same, so I think it is an OpenBSD-configuration error. Moreover,
> traceroute from the home network to e.g. battle.net reaches some Internet
> servers. I have tried to search google and have asked this question on
> one of the *NIX-related forums and haven't gotten any solution to my problem.
> Well, maybe you have any ideas?
>
> Here comes OpenBSD configuration:
>
> PC has 4 network cards: ath0 (this is also a wireless access-point),
> rl0, rl1, rl2. rl0 is connected to home network, rl1 looks into local
> area network (there are some common resources), rl2 is connected to
> ADSL-modem (bridge mode).
>
> ser...@gate:~ & ifconfig

> pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1392
>  dev: rl2 state: session
>  sid: 0x2d27 PADI retries: 5 PADR retries: 0 time: 09:20:19
>  sppp: phase network authproto pap
>  groups: pppoe egress
>  inet6 fe80::21e:58ff:fead:74d3%pppoe0 -> prefixlen 64 scopeid 0x7
>  inet 78.37.41.134 --> 78.36.32.1 netmask 0xffffffff

> ser...@gate:~ & cat /etc/pf.conf
> # comments were stripped :)
> cl_if="rl1"
> adsl_if="pppoe0"
> int_if="rl0"
> wifi_if="ath0"
>
> nets_priv = "{ 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 }"
>
> set block-policy drop
> set loginterface $adsl_if
>
> # scrub in all
>
> nat on $cl_if from $int_if:network to 10.0.11.0/24 -> ($cl_if)
> nat on $cl_if from $wifi_if:network to 10.0.11.0/24 -> ($cl_if)
> nat on $adsl_if from $int_if:network to any -> ($adsl_if)
> nat on $adsl_if from $wifi_if:network to any -> ($adsl_if)

Welcome to the world of DSL, PPPoE and smaller MTU values.  Man 4
pppoe will give you the details, but you need to add the following
line to your rules:

scrub out on $adsl_if all max-mss 1352

Cheers.
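
Added example, not part of the thread: a shell check that reads the PPPoE interface MTU from ifconfig output and verifies that pf.conf clamps TCP MSS on that interface to at most MTU - 40 (20-byte IPv4 header plus 20-byte TCP header), which is how 1392 leads to 1352. The function names are hypothetical and the sample inputs are constructed from the excerpts quoted above.

```shell
# Added example, not from the thread. Inputs are constructed from the
# ifconfig and pf.conf excerpts quoted in the post.
IFCONFIG_SAMPLE='pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1392
 dev: rl2 state: session'
PF_BEFORE='adsl_if="pppoe0"
# scrub in all
nat on $adsl_if from $int_if:network to any -> ($adsl_if)'
PF_AFTER="$PF_BEFORE
scrub out on \$adsl_if all max-mss 1352"

# Print the MTU that ifconfig reports for interface $1 (ifconfig text in $2).
iface_mtu() {
    printf '%s\n' "$2" | awk -v ifn="$1" '
        $1 == (ifn ":") { for (i = 2; i < NF; i++) if ($i == "mtu") print $(i + 1) }'
}

# Print max-mss of the first scrub rule bound to interface $1 in pf.conf text
# $2, expanding $macro references. Handles only the single-interface "on" form.
pf_max_mss() {
    printf '%s\n' "$2" | awk -v ifn="$1" '
        /^[ \t]*#/ { next }
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
            name = $0; sub(/[ \t]*=.*/, "", name)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
            macro[name] = val; next
        }
        $1 == "scrub" {
            on = ""; mss = ""
            for (i = 2; i <= NF; i++) {
                f = $i
                if (substr(f, 1, 1) == "$") f = macro[substr(f, 2)]
                if ($(i - 1) == "on") on = f
                if ($(i - 1) == "max-mss") mss = f
            }
            if (on == ifn && mss != "") { print mss; exit }
        }'
}

# Compare the clamp with MTU - 40 (20-byte IPv4 + 20-byte TCP header).
check_mss() {   # $1 = interface, $2 = ifconfig text, $3 = pf.conf text
    mtu=$(iface_mtu "$1" "$2")
    [ -n "$mtu" ] || { echo "no mtu found for $1"; return 2; }
    want=$((mtu - 40))
    have=$(pf_max_mss "$1" "$3")
    [ -n "$have" ] || { echo "no max-mss clamp on $1 (want <= $want)"; return 1; }
    [ "$have" -le "$want" ] || { echo "max-mss $have > $want on $1"; return 1; }
    echo "ok: max-mss $have <= $want on $1"
}
check_mss pppoe0 "$IFCONFIG_SAMPLE" "$PF_BEFORE" || true
check_mss pppoe0 "$IFCONFIG_SAMPLE" "$PF_AFTER"
```

On a live gateway the same functions can be fed `"$(ifconfig pppoe0)"` and `"$(cat /etc/pf.conf)"` in place of the embedded samples.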