PF : Syntax error using macro

2007-06-08 Thread Yggdrasill Senecoen

Hello,


I have a little problem with my pf.conf: when I use a macro containing two
or more interfaces, and I use this macro with the :network keyword in
nat rules, pf tells me I've made a syntax error.

Ex :
---


Ethernet=xl0
Wifi=ral0
Lan={ $Ethernet $Wifi }
Ext=rl0

nat on $Ext from $Lan:network to any -> $Ext


This returns an error.


And this does not:
---


Ethernet=xl0
Wifi=ral0
Lan={ $Ethernet $Wifi }
Ext=rl0

nat on $Ext from $Lan to any -> $Ext


I want the same result as writing 2 nat rules, each with its own
interface ($Ethernet and $Wifi); isn't that possible?


Thanks,



Yggdrasill
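
An added example, not part of the original post or any reply to it: the failing rule next to a form that puts :network on each interface, so pf expands it into one nat rule per internal network. The interface names are the poster's; the quoted macro values and the explanation in the comments follow pf.conf(5) macro and interface-modifier behaviour rather than anything stated in the thread.

```conf
# Added example, not from the original post.
Ethernet = "xl0"
Wifi     = "ral0"
Ext      = "rl0"

# Failing form from the post. Macros are substituted as text, so
#   from $Lan:network
# reaches the parser as
#   from { xl0 ral0 }:network
# and the :network modifier is only valid directly after a single
# interface name, not after a braced list.
#
# Lan = "{" $Ethernet $Wifi "}"
# nat on $Ext from $Lan:network to any -> $Ext     # syntax error

# Working form: apply the modifier to each interface inside the list.
# pf expands the list into two nat rules, one per internal network.
nat on $Ext from { $Ethernet:network, $Wifi:network } to any -> $Ext
```

Parse the file without loading it with `pfctl -nf /etc/pf.conf`; after loading, `pfctl -s nat` lists the expanded rules.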



hostnames stored in another file than /etc/hosts?

2007-05-15 Thread Yggdrasill Senecoen

Hi,


For a few days now I have noticed something strange.
There is a device on my network at 172.16.85.1, associated with
its own hostname in my /etc/hosts file.
But when I try to reach this device using its hostname, my workstation
tries to reach this host with a bad IP address.


Typically:
--

#cat /etc/hosts|grep Caliphora
172.16.85.1 Caliphora cali
#ping Caliphora
PING Caliphora (10.0.0.113): 56 data bytes
--- Caliphora ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss


So, does OpenBSD save this information in another file than /etc/hosts?


Thanks for help,


Yanic.



Re: hostnames stored in another file than /etc/hosts?

2007-05-15 Thread Yggdrasill Senecoen

Antti Harri wrote:

On Wed, 16 May 2007, Yggdrasill Senecoen wrote:

[snip]

So, does OpenBSD save this information in another file than /etc/hosts?


Check resolv.conf(5) and the lookup directive.



Forgot to add the lookup directive in my resolv.conf. It's working fine now.


Thanks,


Yanic



configuration errors with pf?

2007-05-10 Thread Yggdrasill Senecoen

Hi,


Since I started using an OpenBSD server as gateway, instead of a Linksys WRT54GL
running OpenWRT, I find my network performance is worse than before.

I have high latency, many disconnections, and websites are often unreachable.

I don't know if it's due to hardware or to configuration errors in my
pf.conf; everything seems OK when I check CPU/memory/network on the gateway.


Here is my pf.conf; maybe there are some mistakes in it which could explain this?


#   $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext=rl0
int=xl0

Valistar={172.16.85.0/27}
Larry=172.16.85.27

Ssh_Larry=22
Ssh_Cyrrhus=443
block in inet
Tcp_ports={21,53,80,443,6667,6697,8080}
Udp_ports={53}

set block-policy drop
set loginterface none
set optimization high-latency
set timeout interval 10
set timeout frag 30
set limit { frags 5000, states 2500 }
set state-policy if-bound
set skip on lo
scrub in all

nat on $ext inet from xl0:network to any -> $ext
rdr on $ext proto tcp from any to any port $Ssh_Larry -> $Larry

antispoof quick for {lo $int} inet

block in log quick inet6
block out log quick inet6
pass in log on $int from $Valistar to any flags S/SA keep state
pass out log on $int from any to $Valistar flags S/SA keep state

pass in quick on $int proto tcp from $Valistar to ($int) port $Ssh_Cyrrhus flags S/SA keep state
pass in on $ext proto tcp from any to any port $Tcp_ports flags S/SA keep state
pass in log on $ext proto tcp from any to any port $Ssh_Larry flags S/SA keep state
pass in log on $ext proto tcp from any to any port $Ssh_Cyrrhus flags S/SA keep state

pass in on $ext proto udp from any to any port $Udp_ports keep state
pass in log on $ext inet proto icmp all icmp-type {echorep,timex,unreach} keep state
pass in log on $int inet proto icmp all icmp-type {echoreq,echorep,timex,unreach} keep state

pass out log on $ext proto tcp all flags S/SA modulate state
pass out on $ext proto {udp,icmp} all keep state


Thanks for help.



Yanic