[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No outbound connections



Nick Holland gave a more precise answer than I wrote.  Probably what's
happening, pf started after the machine is booted will eventually resolve
the domain name with an ip address but slowly.  The boot process may not
allow pf 
enough time to do this so the offending line is timed out.  Pf need a DNS
server or the proper entry in /etc/hosts to allow rapid resolution.  

I had a similar problem.  I would try to SSH from a local windows machine
to my BSD firewall NAT machine but it would take 2-3 minutes for the logon
to happen. My BSD machine would log attempts to find my local machine with
an unavailable DNS server.  This was resolved by entering the ip address
and computer name of my windows machine in /etc/hosts.



At 11:52 AM 1/16/2003 -0600, you wrote:
>How does pf actually use the name, does it resolve it when the rules are 
>loaded, or is it resolved everytime the the rule is hit?
>
>I'm also not sure why I lost my default route when pf failed to load.
>-Jon
>
>BShaw wrote:
>
>>Try adding the server names and ip addresses to the /etc/hosts.  It speeds
>>up the time it takes for bsd machine to recognized other conected machines. 
>>
>>
>>
>>At 10:37 AM 1/16/2003 -0600, you wrote:
>>  
>>
>>>Hello,
>>>
>>>I am attempting to build a new machine running OBSD 3.2-STABLE (GENERIC
>>>with atapisci removed as the machine hung with it in, but same results
>>>with GENERIC), and I'm having problems configuring my network connection.
>>>The machine is configured via dhcp, and I am successfully obtaining a
>>>lease, and can connect to the machine via ssh with out a problem.
>>>The problem happens when I attempt to enable pf. If i start pf once the
>>>machine is running, the rules load properly and I have a working outbound
>>>connection. If I load them at boot time (via rc.conf.local) I get an error
>>>message saying:
>>>
>>>/etc/pf.conf:10: cannot resolve host1.domain.com: temporary failure in
>>>name resolution
>>>/etc/pf.conf:10: cannot resolve host2.domain.com: temporary failure in
>>>name resolution
>>>
>>>and once the machine boots I no longer have any outbound network access:
>>>
>>># ping XXX.XXX.XXX.XXX
>>>PING XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX): 56 data bytes
>>>ping: sendto: No route to host
>>>ping: wrote XXX.XXX.XXX.XXX 64 chars, ret=-1
>>>ping: sendto: No route to host
>>>ping: wrote XXX.XXX.XXX.XXX 64 chars, ret=-1
>>>ping: sendto: No route to host
>>>ping: wrote XXX.XXX.XXX.XXX 64 chars, ret=-1
>>>--- XXX.XXX.XXX.XXX ping statistics ---
>>>3 packets transmitted, 0 packets received, 100% packet loss
>>>
>>>Is there something simple I'm missing here?
>>>
>>>Jon Coller
>>>
>>>/etc/pf.conf:
>>>ext_if = "ne3"
>>>servers = "{ host1.domain.com, host2.domain.com }"
>>>sub = "XXX.XXX.0.0/16"
>>>
>>>pass in all
>>>pass out all
>>>
>>>block in all
>>>pass  in  on $ext_if proto tcp from $sub to $ext_if port 22 keep state
>>>pass  in  on $ext_if proto tcp from $servers to $ext_if port 80 keep state
>>>pass  out on $ext_if proto { tcp, udp, icmp } all keep state
>>>
>>>dmesg:
>>>OpenBSD 3.2-stable (GENERIC) #1: Thu Jan 16 03:39:56 CST 2003
>>>   root_(_at_)_host3_(_dot_)_domain_(_dot_)_com:/usr/src/sys/arch/i386/compile/GENERIC
>>>cpu0: Intel Pentium III (Coppermine) ("GenuineIntel" 686-class) 596 MHz
>>>cpu0:
>>>FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX
>>>    
>>>
>>,FXSR,SIMD
>>  
>>
>>>real mem  = 267964416 (261684K)
>>>avail mem = 242708480 (237020K)
>>>using 3296 buffers containing 13500416 bytes (13184K) of memory
>>>mainbus0 (root)
>>>bios0 at mainbus0: AT/286+(00) BIOS, date 07/11/02, BIOS32 rev. 0 @
>>>0xfd7b1
>>>pcibios0 at bios0: rev. 2.1 @ 0xf0000/0x10000
>>>pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xf1e60/160 (8 entries)
>>>pcibios0: PCI Interrupt Router at 000:02:0 ("VIA VT82C596A PCI-ISA" rev
>>>0x00)
>>>pcibios0: PCI bus #1 is the last bus
>>>bios0: ROM list: 0xc0000/0xa000
>>>pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
>>>pchb0 at pci0 dev 0 function 0 "VIA VT82C691 Host-PCI" rev 0xc4
>>>ppb0 at pci0 dev 1 function 0 "VIA VT82C598 PCI-AGP" rev 0x00
>>>pci1 at ppb0 bus 1
>>>vga1 at pci1 dev 0 function 0 "S3 Savage 4" rev 0x03
>>>wsdisplay0 at vga1: console (80x25, vt100 emulation)
>>>wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>>>pcib0 at pci0 dev 2 function 0 "VIA VT82C596A PCI-ISA" rev 0x12
>>>pciide0 at pci0 dev 2 function 1 "VIA VT82C571 IDE" rev 0x06: ATA66,
>>>channel 0 configured to compatibility, channel 1 configured to
>>>compatibility
>>>wd0 at pciide0 channel 0 drive 0: <QUANTUM FIREBALLP LM13>
>>>wd0: 16-sector PIO, LBA, 12949MB, 16383 cyl, 16 head, 63 sec, 26520480
>>>sectors
>>>wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
>>>drive at pciide0 channel 1 drive 0 not configured
>>>pchb1 at pci0 dev 2 function 3 "VIA VT82C596 Power Mgmt" rev 0x20
>>>ne3 at pci0 dev 15 function 0 "Realtek 8029" rev 0x00: irq 10
>>>ne3: address 00:c0:f0:52:df:db
>>>isa0 at pcib0
>>>isadma0 at isa0
>>>pckbc0 at isa0 port 0x60/5
>>>pckbd0 at pckbc0 (kbd slot)
>>>pckbc0: using irq 1 for kbd slot
>>>wskbd0 at pckbd0: console keyboard, using wsdisplay0
>>>pmsi0 at pckbc0 (aux slot)
>>>pckbc0: using irq 12 for aux slot
>>>wsmouse0 at pmsi0 mux 0
>>>pcppi0 at isa0 port 0x61
>>>midi0 at pcppi0: <PC speaker>
>>>sysbeep0 at pcppi0
>>>lpt0 at isa0 port 0x378/4 irq 7
>>>npx0 at isa0 port 0xf0/16: using exception 16
>>>pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
>>>pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
>>>fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
>>>fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
>>>biomask 4040 netmask 4440 ttymask 54c2
>>>pctr: 686-class user-level performance counters enabled
>>>mtrr: Pentium Pro MTRR support
>>>dkcsum: wd0 matched BIOS disk 80
>>>root on wd0a
>>>rootdev=0x0 rrootdev=0x300 rawdev=0x302



Visit your host, monkey.org