
I can't ping yahoo.com?



Hi everybody,

I'm a noob in OpenBSD, I've just started last Friday...

My local network accesses the net through a SuSE Linux gateway, and I
want to force the local network to cross the OpenBSD I've just configured.

I've configured two ethernet cards on the OpenBSD, in order to split the
network.
On the local side, computers have access to the 192.168.1.* subnet, and the
internet side is on 192.168.2.* (the SuSE gateway, and one of the OpenBSD
ethernet cards).

I've configured a NAT packet translation, from one subnet to the other; it
runs correctly.
And packet filter will be enabled in the future; it allows all the packets to
cross from one card to the other, whatever the source is...

test : http://yahoo.com <- host is down
hum.... : http://yahoo.fr <- echo reply
grrrr.... : http://www.yahoo.com <- echo reply
GRRRR : http://yahoo.com <- host is down

I tried the ping from the OpenBSD directly, same results...

I tried without going through the OpenBSD, it works. Certainly, yahoo.com was down? I tried both at the same time; it seems that OpenBSD can't access the yahoo.com host.

I don't understand, what's wrong in my configuration?

Thanks for your advice :)

Seb

PS: my configuration follows...

bsd# cat /etc/hostname.rl0
#inet 192.168.2.2 1 255.255.255.0 media 10baseT
inet 192.168.1.250 1 255.255.255.0 media 10baseT
bsd# cat /etc/hostname.rl1
#inet 192.168.1.250 1 255.255.255.0 media 10baseT
inet 192.168.2.2 1 255.255.255.0 media 10baseT
bsd# cat /etc/nat.conf
#       $OpenBSD: nat.conf,v 1.4 2001/07/09 23:20:46 millert Exp $
#
# See nat.conf(5) for syntax and examples
#
# replace ext0 with external interface name, 10.0.0.0/8 with internal network
# and 192.168.1.1 with external address
#
# nat: packets going out through ext0 with source address 10.0.0.0/8 will get
# translated as coming from 192.168.1.1. a state is created for such packets,
# and incoming packets will be redirected to the internal address.

# nat on ext0 from 10.0.0.0/8 to any -> 192.168.1.1
#nat on rl0 from 192.168.2.2 to any -> 192.168.1.250
nat on rl0 from rl1 to any -> rl0
#nat on rl1 from 192.168.2.2/24 to any -> 192.168.1.250
#nat on rl0 from 192.168.1.254/24 to any -> 192.168.2.2
#nat on rl0 from 192.168.1.250/24 to any -> 192.168.2.2
# rdr: packets coming in through ext0 with destination 192.168.1.1:1234 will
# be redirected to 10.1.1.1:5678. a state is created for such packets, and
# outgoing packets will be translated as coming from the external address.
#nat on rl0 from rl1/24 to any -> rl0
#nat on rl1 from rl0/24 to any -> rl1
# rdr on ext0 proto tcp from any to 192.168.1.1/32 port 1234 -> 10.1.1.1 port 5678
bsd# cat /etc/pf.conf
#       $OpenBSD: pf.conf,v 1.3 2001/11/16 22:53:24 dhartmei Exp $
#
# See pf.conf(5) for syntax and examples

# pass all packets in and out (these are the implicit first two rules)
pass in all
pass out all

#block in all
#block out all
#pass out proto tcp from any to any port = 80
#pass in proto tcp from any to any port = 80 keep state
#pass out proto tcp from any to any port = 80 keep state
#pass in proto udp from any to any port = 53 keep state
#pass out proto tcp from any to any port = 25 keep state

#pass in proto tcp from any to any port = 110 keep state
#pass in proto tcp from any to any port = 6668 keep state
#pass out proto tcp from any to any port = 6668 keep state
#pass in proto tcp from any to any port = 21 keep state
#pass out proto tcp from any to any port = 21 keep state
#pass in proto tcp from 192.168.1.0/24 to 192.168.1.0/24 port = 22 keep state
#pass out proto tcp from 192.168.1.0/24 to 192.168.1.0/24 port = 22 keep state
#pass in proto tcp from any to any port = 143 keep state
bsd# cat /etc/rc.conf
#!/bin/sh -
#
#       $OpenBSD: rc.conf,v 1.72 2002/01/08 12:04:43 tholo Exp $

# set these to "NO" to turn them off.  otherwise, they're used as flags
routed_flags=NO         # for normal use: "-q"
altqd_flags=NO          # for normal use: ""
mrouted_flags=NO        # for normal use: "", if activated
                       # be sure to enable multicast_router below.
rarpd_flags=NO          # for normal use: "-a"
bootparamd_flags=NO     # for normal use: ""
rbootd_flags=NO         # for normal use: ""
sshd_flags=""           # for normal use: ""
smtpfwdd_flags=NO       # for normal use: ""; be sure to configure smtpd(8)
                       # and sendmail(8) to use MSA only
named_flags=NO          # for normal use: ""
rdate_flags=NO          # for normal use: name of RFC868 timeserver
timed_flags=NO          # for normal use: ""
ntpdate_flags=NO        # for normal use: NTP server; run before ntpd starts
photurisd_flags=NO      # for normal use: ""
isakmpd_flags=NO        # for normal use: ""
mopd_flags=NO           # for normal use: "-a"
httpd_flags=NO          # for normal use: "" (or "-DSSL" after reading ssl(8))
apmd_flags=NO           # for normal use: ""
dhcpd_flags=NO          # for normal use: "-q"
rtadvd_flags=NO         # for normal use: list of interfaces
                       # be sure to set net.inet6.ip6.forwarding=1
route6d_flags=NO        # for normal use: ""
                       # be sure to set net.inet6.ip6.forwarding=1
rtsold_flags=NO         # for normal use: interface
                       # be sure to set net.inet6.ip6.forwarding=0
                       # be sure to set net.inet6.ip6.accept_rtadv=1
lpd_flags=NO            # for normal use: "" (or "-l" for debugging)

# For normal use: "-L sm-mta -bd -q30m"
sendmail_flags="-L sm-mta -C/etc/mail/localhost.cf -bd -q30m"

# Set to NO if ftpd is running out of inetd
ftpd_flags=NO           # for non-inetd use: "-D"

# Set to NO if identd is running out of inetd
identd_flags=NO         # for non-inetd use: "-b -u nobody -elo"

# On some architectures, you must also disable console getty in /etc/ttys
xdm_flags=NO            # for normal use: ""

# For enabling console mouse support (i386 architecture only)
wsmoused_flags=NO       # for ps/2 or usb mice: "", serial: "-p /dev/cua00"

# set the following to "YES" to turn them on
rwhod=NO
nfs_server=NO           # see sysctl.conf for nfs client configuration
lockd=NO
gated=NO
amd=NO
pf=YES                  # Packet filter / NAT
portmap=YES             # almost always needed
inetd=YES               # almost always needed
check_quotas=YES        # NO may be desirable in some YP environments
ntpd=YES                # run ntpd if it exists

krb4_server_kdc=NO      # kerberos server. run 'info kth-krb' for assistance.
krb4_slave_kdc=NO       # kerberos slave server.
krb5_master_kdc=NO      # KerberosV master KDC. Run 'info heimdal' for help.
krb5_slave_kdc=NO       # KerberosV slave KDC.
afs=NO                  # mount and run afs

# Multicast routing configuration
# Please look at /etc/netstart for a detailed description if you change these
multicast_host=NO       # Route all multicast packets to a single interface
multicast_router=NO     # A multicast routing daemon will be run, e.g. mrouted

# miscellaneous other flags
# only used if the appropriate server is marked YES above
savecore_flags=                 # "-z" to compress
gated_flags=
ypserv_flags=                   # E.g. -1 for YP v1, -d for DNS etc
yppasswdd_flags=                # "-d /etc/yp" if passwd files are in /etc/yp
nfsd_flags="-tun 4"             # Crank the 4 for a busy NFS fileserver
amd_dir=/tmp_mnt                # AMD's mount directory
amd_master=/etc/amd/master      # AMD 'master' map
syslogd_flags=                  # add more flags, ie. "-u -a /chroot/dev/log"
named_user=named                # Named should not run as root unless necessary
named_chroot=/var/named         # Where to chroot named if not empty
pf_rules=/etc/pf.conf           # Packet filter rules file
nat_rules=/etc/nat.conf         # NAT rules file
pflogd_flags=                   # add more flags, ie. "-s 256"
afs_mount_point=/afs            # Mountpoint for AFS
afs_device=/dev/xfs0            # Device used by afsd
afsd_flags=-z                   # Flags passed to afsd
shlib_dirs=                     # extra directories for ldconfig

local_rcconf="/etc/rc.conf.local"

[ -f ${local_rcconf} ] && . ${local_rcconf} # Do not edit this line

bsd# pfctl -F nat
nat cleared
bsd# pfctl -N /etc/nat.conf
bsd# pfctl -R /etc/pf.conf
bsd# sh /etc/netstart
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
writing to routing socket: File exists
add net default: gateway 192.168.1.254: File exists
writing to routing socket: File exists
bsd# ping yahoo.fr
PING yahoo.fr (217.12.3.11): 56 data bytes
64 bytes from 217.12.3.11: icmp_seq=0 ttl=242 time=587.771 ms
64 bytes from 217.12.3.11: icmp_seq=1 ttl=242 time=587.175 ms
64 bytes from 217.12.3.11: icmp_seq=2 ttl=242 time=588.169 ms
--- yahoo.fr ping statistics ---
4 packets transmitted, 3 packets received, 25% packet loss
round-trip min/avg/max/std-dev = 587.175/587.705/588.169/0.408 ms
bsd# ping yahoo.com
PING yahoo.com (66.218.71.198): 56 data bytes
ping: sendto: Host is down
ping: wrote yahoo.com 64 chars, ret=-1
--- yahoo.com ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss
bsd# cat /etc/mygate
192.168.1.254
bsd# cat /etc/resolv.conf
search idems.fr

nameserver 193.252.19.3
nameserver 193.252.19.4
lookup file bind
bsd# nslookup yahoo.com
Server:  ns3.wanadoo.fr
Address:  193.252.19.3

Non-authoritative answer:
Name:    yahoo.com
Addresses:  66.218.71.198, 64.58.79.230

bsd#
