
Re: No outbound connections



How does pf actually use the name? Does it resolve it when the rules are loaded, or is it resolved every time the rule is hit?

I'm also not sure why I lost my default route when pf failed to load.
-Jon

BShaw wrote:

Try adding the server names and IP addresses to /etc/hosts. It speeds
up the time it takes for the BSD machine to recognize other connected machines.




At 10:37 AM 1/16/2003 -0600, you wrote:


Hello,

I am attempting to build a new machine running OBSD 3.2-STABLE (GENERIC
with atapiscsi removed as the machine hung with it in, but same results
with GENERIC), and I'm having problems configuring my network connection.
The machine is configured via dhcp, and I am successfully obtaining a
lease, and can connect to the machine via ssh without a problem.
The problem happens when I attempt to enable pf. If I start pf once the
machine is running, the rules load properly and I have a working outbound
connection. If I load them at boot time (via rc.conf.local) I get an error
message saying:

/etc/pf.conf:10: cannot resolve host1.domain.com: temporary failure in name resolution
/etc/pf.conf:10: cannot resolve host2.domain.com: temporary failure in name resolution

and once the machine boots I no longer have any outbound network access:

# ping XXX.XXX.XXX.XXX
PING XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): 56 data bytes
ping: sendto: No route to host
ping: wrote XXX.XXX.XXX.XXX 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote XXX.XXX.XXX.XXX 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote XXX.XXX.XXX.XXX 64 chars, ret=-1
--- XXX.XXX.XXX.XXX ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

Is there something simple I'm missing here?

Jon Coller

/etc/pf.conf:
ext_if = "ne3"
servers = "{ host1.domain.com, host2.domain.com }"
sub = "XXX.XXX.0.0/16"

pass in all
pass out all

block in all
pass  in  on $ext_if proto tcp from $sub to $ext_if port 22 keep state
pass  in  on $ext_if proto tcp from $servers to $ext_if port 80 keep state
pass  out on $ext_if proto { tcp, udp, icmp } all keep state

dmesg:
OpenBSD 3.2-stable (GENERIC) #1: Thu Jan 16 03:39:56 CST 2003
root@host3.domain.com:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (Coppermine) ("GenuineIntel" 686-class) 596 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SIMD

real mem  = 267964416 (261684K)
avail mem = 242708480 (237020K)
using 3296 buffers containing 13500416 bytes (13184K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 07/11/02, BIOS32 rev. 0 @ 0xfd7b1
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xf1e60/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:02:0 ("VIA VT82C596A PCI-ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xa000
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT82C691 Host-PCI" rev 0xc4
ppb0 at pci0 dev 1 function 0 "VIA VT82C598 PCI-AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "S3 Savage 4" rev 0x03
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 2 function 0 "VIA VT82C596A PCI-ISA" rev 0x12
pciide0 at pci0 dev 2 function 1 "VIA VT82C571 IDE" rev 0x06: ATA66, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <QUANTUM FIREBALLP LM13>
wd0: 16-sector PIO, LBA, 12949MB, 16383 cyl, 16 head, 63 sec, 26520480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
drive at pciide0 channel 1 drive 0 not configured
pchb1 at pci0 dev 2 function 3 "VIA VT82C596 Power Mgmt" rev 0x20
ne3 at pci0 dev 15 function 0 "Realtek 8029" rev 0x00: irq 10
ne3: address 00:c0:f0:52:df:db
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 4040 netmask 4440 ttymask 54c2
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
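
An added example, not part of the original thread: pfctl resolves host names once, when the ruleset is loaded, so a resolver that is unreachable at boot makes the load fail as in the error above. The Python sketch below lists the rule lines in a pf.conf that depend on DNS at load time; the function names are assumptions, the host name detection is a heuristic, and the sample is the posted pf.conf with the masked subnet replaced by a constructed range.

```python
import ipaddress
import re

# Constructed sample: the post's pf.conf, masked subnet replaced by 192.0.2.0/24.
SAMPLE_PF_CONF = """\
ext_if = "ne3"
servers = "{ host1.domain.com, host2.domain.com }"
sub = "192.0.2.0/24"

pass in all
pass out all

block in all
pass  in  on $ext_if proto tcp from $sub to $ext_if port 22 keep state
pass  in  on $ext_if proto tcp from $servers to $ext_if port 80 keep state
pass  out on $ext_if proto { tcp, udp, icmp } all keep state
"""

MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"(.*)"\s*$')
MACRO_REF = re.compile(r'\$([A-Za-z_]\w*)')
# Dotted token with at least one letter: treated as a DNS name (heuristic).
HOSTNAME = re.compile(r'^(?=.*[A-Za-z])[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$')

def is_address(token):
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def names_in(text, macros):
    """Return (name, macro_or_None) pairs for host names in text, expanding $macros."""
    found = [(t, None) for t in re.split(r'[\s{},!()]+', text)
             if HOSTNAME.match(t) and not is_address(t)]
    for ref in MACRO_REF.findall(text):
        found += [(name, ref) for name, _ in macros.get(ref, [])]
    return found

def find_load_time_lookups(conf):
    """List (line, host name, macro) for each rule line that needs DNS at load."""
    macros, findings = {}, []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split('#', 1)[0]          # drop trailing comments
        definition = MACRO_DEF.match(line)
        if definition:                        # remember names hidden in macros
            macros[definition.group(1)] = names_in(definition.group(2), macros)
        else:
            findings += [(lineno, n, m) for n, m in names_in(line, macros)]
    return findings
```

Calling `find_load_time_lookups(SAMPLE_PF_CONF)` reports both names against line 10, the same line number pfctl printed in the boot-time error.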


