Re: Networking/pf question, I am not sure ?

2020-05-11 Thread man Chan
 I found out the problem was in the unbound.conf file.  Now my Xperia can use 
the internet.  Thank you for your help.
Clarence



=== original unbound.conf ===
server:
    interface: 192.168.1.1
    interface: 127.0.0.1
    interface: ::1

    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/24 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: ::1 allow

    do-not-query-localhost: no
    hide-identity: yes
    hide-version: yes

forward-zone:
    name: "."
    forward-addr: 64.6.64.6        # Verisign 
    forward-addr: 94.75.228.29    # chaos Computer Club
    forward-first: yes        #try direct if forwarder fails

=== changed unbound.conf ===

server:
    interface: 192.168.1.1
    interface: 127.0.0.1
  
    access-control: 192.168.1.0/24 allow
    access-control: 127.0.0.0/8 allow
  
    do-not-query-localhost: no
    hide-identity: yes
    hide-version: yes

forward-zone:
    name: "."
    forward-addr: 64.6.64.6        # Verisign 
    forward-addr: 94.75.228.29    # chaos Computer Club
    forward-first: yes        #try direct if forwarder fails

==




man Chan () wrote on Monday, 11 May 2020 at 3:21:17 PM [GMT+8]:
 
  



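As an added example (not code from the thread), a small Python model of unbound's access-control matching, applied to the two unbound.conf versions above: the most specific matching netblock wins and a client matching no entry is refused, which is why the original ruleset refused every client on 192.168.1.0/24 while the changed one allows them. The whole-LAN check assumes the 192.168.1.0/24 subnet and the 192.168.1.1 resolver address that the posted dhcpd.conf hands out.

```python
import ipaddress

# Constructed from the two unbound.conf versions posted in the thread.
ORIGINAL_ACL = """
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/24 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: ::1 allow
"""
CHANGED_ACL = """
    access-control: 192.168.1.0/24 allow
    access-control: 127.0.0.0/8 allow
"""

def parse_acl(text):
    """Return (network, action) pairs from access-control: lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("access-control:"):
            net, action = line.split(":", 1)[1].split()
            rules.append((ipaddress.ip_network(net, strict=False), action))
    return rules

def acl_action(rules, client):
    """Action unbound takes for client: the most specific matching netblock
    wins; a client matching nothing is refused (unbound also allows localhost
    implicitly, but both posted configs list it explicitly)."""
    addr = ipaddress.ip_address(client)
    best = None
    for net, action in rules:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "refuse"

def lan_clients_allowed(text, lan="192.168.1.0/24"):
    """True if every host in the DHCP subnet (dhcpd.conf above hands out
    192.168.1.1 as the resolver for 192.168.1.0/24) would be allowed."""
    rules = parse_acl(text)
    return all(acl_action(rules, a) == "allow"
               for a in ipaddress.ip_network(lan).hosts())

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("changed", CHANGED_ACL)):
        print(name, "192.168.1.40 ->", acl_action(parse_acl(acl), "192.168.1.40"),
              "| whole LAN allowed:", lan_clients_allowed(acl))
```

Note that the original file's `10.0.0.0/24 allow` never matched the LAN at all, so clients fell through to `0.0.0.0/0 refuse`; a refused query gets a REFUSED answer, which is consistent with the empty pflog0 in the thread because no packet was blocked by pf.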
Re: Networking/pf question, I am not sure ?

2020-05-11 Thread man Chan
 


Here are all the config files of my openbsd-router.  traceroute yahoo.com.hk on 
my xperia (android) stops at the IP of my openbsd-router.  Nothing is displayed 
on the openbsd-router running tcpdump -eni pflog0.

dhclient.conf
append domain-name-servers 127.0.0.1;
==

dhcpd.conf-
#    $OpenBSD: dhcpd.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

# Network:        192.168.1.0/255.255.255.0
# Domain name:        my.domain
# Name servers:        192.168.1.3 and 192.168.1.5
# Default router:    192.168.1.1
# Addresses:        192.168.1.32 - 192.168.1.127
#
option  domain-name "my.domain";
#option  domain-name-servers 192.168.1.3, 192.168.1.5;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.1;

    range 192.168.1.32 192.168.1.127;
}

 ==
pf.conf --
# The wired and wireless interface of the LAN
wired="re0"
#wifi=""

# This is a table of non-routable addresses that will be used later
# (the angle-bracketed table name was lost in extraction; <martians>, the
# name used by the OpenBSD PF FAQ ruleset this follows, is assumed here.
# Note: the RFC 2544 benchmarking range is 198.18.0.0/15; 192.18.0.0/15
# as written below is ordinary routable address space.)
table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
           172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3    \
           192.168.0.0/16 192.18.0.0/15 198.51.100.0/24        \
           203.0.113.0/24 }

set block-policy drop
set loginterface egress
set skip on lo

# Normalize the traffic
match in all scrub (no-df random-id max-mss 1440)

# Perform NAT
match out on egress inet from !(egress:network) to any nat-to (egress:0)

block in quick on egress from <martians> to any

block return out quick on egress from any to <martians>

# No rule in this file carries "log", so pflog0 stays empty even when
# packets are dropped; add "log" to the block rules to see them in tcpdump.
block all

pass out quick inet keep state

pass in on { $wired } inet

# Forward incoming connection ( on TCP port 80 and 443 ) to web server
#pass in on egress inet proto tcp from any to (egress) port { 80 443 } rdr-to 192.168.1.2



resolv.conf--
# Generated by alc0 dhclient
nameserver 192.168.8.1
nameserver 127.0.0.1
lookup file bind


sysctl.conf-
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

=
unbound.conf  
server:
    interface: 192.168.1.1
    interface: 127.0.0.1
    interface: ::1

    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/24 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: ::1 allow

    do-not-query-localhost: no
    hide-identity: yes
    hide-version: yes

forward-zone:
    name: "."
    forward-addr: 64.6.64.6        # Verisign 
    forward-addr: 94.75.228.29    # chaos Computer Club
    forward-first: yes        #try direct if forwarder fails


===
dmesg
OpenBSD 6.6-stable (GENERIC.MP) #1: Thu May  7 17:40:45 HKT 2020

Re: Networking/pf question, I am not sure ?

2020-05-10 Thread Kaya Saman


Just to elaborate here a little: you can run the 'tcpdump' program on 
OpenBSD to give you more information.

To get started: man tcpdump

If you want to see where the packets from the Xperia are traveling, then 
something like:

tcpdump -eni (inside_interface) host (ip_of_Xperia)

For debugging PF rules a good start is to use: tcpdump -eni pflog0 <- 
you can further narrow things down by using the 'action' option, e.g. 
'block' / 'allow'.

Hope this helps a little more :-)




Re: Networking/pf question, I am not sure ?

2020-05-10 Thread Kaya Saman


I totally agree with the suggestion by @Tom above!

Another good tool for Android is 'fing'; it will give you access to 
Traceroute and Ping functions on your Xperia.

The first thing to try would be to see if the Xperia can communicate 
with the gateway (OpenBSD router), then, if that is successful, public IP 
addresses. If something strange is going on you can further run 
Traceroute to narrow down where the issue is occurring.

On the OpenBSD side, it could be a number of things like PF rules, 
routing or NAT, but without further information it is basically a guess as 
to what it could be.

Regards,

Kaya



Re: Networking/pf question, I am not sure ?

2020-05-10 Thread Tom Smyth
Hello Clarence,

you would need to provide some more information about your setup:
IP addresses on interfaces, what is your pf.conf, etc...

On your Xperia (I believe they are Android) you can download the
Hurricane Electric Network Tools (HE Network Tools), a free app to run
rudimentary network diagnostic commands such as ping, traceroute and DNS
lookup tests, to identify the problem associated with your connection
when using OpenBSD. That would help you diagnose the source of the
connectivity problems you are having.
Hope this helps

Tom Smyth


On Sun, 10 May 2020 at 13:09, man Chan  wrote:
>
> Hello,
> I recently set up a home network as follows (just for fun):
> ISP  <> openbsd router (version 6.6 Stable) <--->  gigabit switch 
> (TP-Link TL-SG1008D) <-> linksys ea8300 (with wireless)
>
> Everything works except that I can't use my Sony Xperia tablet to access 
> the internet using the wireless function provided by the linksys-ea8300.
> When I replace the openbsd-router and switch with another wireless router, I 
> can use my Sony Xperia to access the internet.  Has anyone tried this before?
> If yes, please let me know how you did it.  Thanks.
> Clarence



-- 
Kindest regards,
Tom Smyth.