On 8/16/05, Mike Henker <[EMAIL PROTECTED]> wrote:
> Ok Nick, checking all what you said step by step:
> 
>  > Can you put your /etc/resolv.conf file back to the one with the ISP's
>  > dns servers in it first.
> 
> Changed to:
> lookup file bind
> name server 194.224.52.6
> name server 194.224.52.4
> 
>  > Can you confirm if you've got pf enabled or not and if you do can you
>  > send a copy of your pf.conf file.
> 
>   I don't have pf enabled (all inside pf.conf file has a "#" at the
> beginning of each line).
> 
>  > Can you confirm the contents of your /etc/mygate file.
> 
> 192.168.0.1
> 
>  > Can you confirm the contents of your /etc/hostname.rl1 and
>  > /etc/hostname.rl0  files.
> 
> hostname.rl0
> inet 192.168.1.3 255.255.255.0 NONE
> 
> hostname.rl1
> inet 192.168.0.9 255.255.255.0 NONE
> 
>  > Can you also confirm the subnet mask on your adsl router's 192.168.0.1
>  > address ( it'll probably be something like 255.255.255.0)
> 
> Yes I can confirm you the subnet mask is 255.255.255.0
> 
>  From the firewall with these setting I can ping 192.168.0.1 but cannot
> ping for example http://www.google.com

Just something that has been bugging me: are you trying to ping
"http://www.google.com" or "www.google.com"?

It's just because the first one will never work.

> 
> If it can help the past message that appears the past days saying: ntpd
> could not parse "pool.ntp.org" doesn't appear now.
> 
> Please Nick if need more info let me know thanks.
> 
> Salutes,
> Mike
> 
> _________________________________________________________________________
> Nick wrote:
> > It's definitely a DNS issue, although it should be working as your
> > resolv.conf file looks good.
> >
> > Can you check a few things please?
> >
> > Can you put your /etc/resolv.conf file back to the one with the ISP's
> > dns servers in it first.
> >
> > Can you confirm if you've got pf enabled or not and if you do can you
> > send a copy of your pf.conf file.
> >
> > Can you confirm the contents of your /etc/mygate file.
> >
> > Can you confirm the contents of your /etc/hostname.rl1 and
> > /etc/hostname.rl0  files.
> >
> > Can you also confirm the subnet mask on your adsl router's 192.168.0.1
> > address ( it'll probably be something like 255.255.255.0)
> >
> >
> > What I'm trying to do is troubleshoot a few things such as if you've got
> > firewall rules that will interfere with dns lookups and your network
> > settings to see if there's a mistype in there as it should be working
> > at the moment.
> >
> > Once we've the internet working properly on your openbsd box we'll then
> > work on getting machines behind it to access through it properly.
> >
> > Ta - Nick
> >
> >
> >
> > Mike Henker wrote:
> >
> >> Hi Nick & Greg I was testing all the steps but the problem (and
> >> remember I'm a newbie and perhaps I'm wrong) I think is because the
> >> firewall can't "see" Internet (exactly the rl1 card with ip 192.168.0.9).
> >>
> >> I tried differents options in resolv.conf
> >>
> >> 1) The one you said (192.168.0.1 is the gateway on the router)
> >> lookup file bind
> >> nameserver 192.168.0.1
> >>
> >> Having that in resolv.conf I can ping to 192.168.0.1, to 192.168.0.9,
> >> and also to 192.198.1.3 but dont work DNS lookups or pings to machines
> >> on Internet:
> >> lynx news.bbc.co.uk or nslookup news.bbc.co.uk (said "connection time
> >> out; no servers could be reached") or ping http://www.google.com (said
> >> "ping: unkown host http://www.google.com)
> >>
> >> 2) Another option I tried is to put into resolv.conf the DNS of my ISP
> >> (as I saw it in the faqs)
> >>
> >> lookup file bind
> >> nameserver 194.224.52.6
> >> nameserver 194.224.52.4
> >>
> >> And happens the same I can ping to 192.168.0.1, to 192.168.0.9, and
> >> also to 192.198.1.3 but dont work DNS lookups or pings to machines on
> >> Internet:
> >> lynx news.bbc.co.uk or nslookup news.bbc.co.uk (said "connection time
> >> out; no servers could be reached") or ping http://www.google.com (said
> >> "ping: unkown host http://www.google.com)
> >>
> >> I called to my ISP, a nice girl answer the phone and at first said
> >> Open...what ?? She said for to be connected to Internet in any OS I'll
> >> need always 3 parameters:
> >>  The gateway: 192.1668.0.1
> >>  The primary DNS: 194.224.52.6
> >>  The secondary DNS: 194.224.52.4
> >>
> >> If it can help if I connect my wife's PC (with windows) with the 3
> >> parameters the ISP said me (the gateway and the two DNS) she can surf
> >> on Internet without probs.
> >>
> >> I hope all of this info can help you for to detect what's the problem.
> >>
> >> Regards,
> >> Mike
> >>
> >> _____________________________________________________________________________
> >>
> >>
> >> Greg Thomas wrote:
> >>
> >>> It looks like Nick's reply has everything covered, most importantly
> >>> the requirement of a new route on your router to your 192.168.1.x
> >>> network.
> >>>
> >>> Greg
> >>>
> >>> On 8/15/05, Mike Henker <[EMAIL PROTECTED]> wrote:
> >>>
> >>>> You're right, I'm sorry I wrote an error instead of "192.169.1.x" I mean
> >>>> 192.168.1.x
> >>>>
> >>>> I know what I want to do, the problem is I don't know how to configure
> >>>> the firewall:
> >>>>
> >>>> For to illustrate better the structure is:
> >>>>
> >>>> Router-OpenBSDFirewall-Hub-Intranet Lan (with some machines connected)
> >>>>
> >>>> Looking nearly:
> >>>>
> >>>> Router (with gateway 192.168.0.1)
> >>>>
> >>>> OpenBSD with 2 network cards:
> >>>> One network card 192.168.0.9 (connected to the router)
> >>>> One network Card 192.168.1.3 (connected to a HUB) I want to connect my
> >>>> wife's computer and the rest of machines (my home lan) to the hub for to
> >>>> be protected by the OpenBSD firewall, and all the traffic will pass
> >>>> through the OpenBSD firewall.
> >>>>
> >>>> I suppose NAT is running on my 192.168.0.1 router because if I connect a
> >>>> machine directly to the router just need 3 parameters for to "surf" on
> >>>> Internet (my ISP give me that info)
> >>>>
> >>>> The gateway 192.168.0.1
> >>>> A Primary DNS 194.224.52.6
> >>>> A secondary DNS 194.224.52.4
> >>>>
> >>>> Greg the info you need:
> >>>>
> >>>> My wife's computer 192.168.1.20
> >>>> My laptop 192.168.1.19
> >>>> Another machine 192.168.1.18
> >>>>
> >>>> mygate file has:
> >>>> 192.168.0.1
> >>>>
> >>>> Results of netstat -rn
> >>>>
> >>>> Routing tables
> >>>> Internet:
> >>>> Destination    Gateway         Flags  Refs  Use  Mtu     Interface
> >>>> default        192.168.0.1     UGS     0     0    -       rl1
> >>>> 127/8          127.0.0.1       UGRS    0     0    33224   lo0
> >>>> 127.0.0.1      127.0.0.1       UH      1    104   33224   lo0
> >>>> 192.168.0/24   link#2          UC      1     0    -       rl1
> >>>> 192.168.0.1    0:4:76:95:70:bb UHLc    1     0    -       rl1
> >>>> 192.168.1/24   link#1          UC      0     0    -       rl0
> >>>> 224/4          127.0.0.1       URS     0     0    33224   lo0
> >>>>
> >>>> I suppose I must to put as gateway in the machines connected to the hub
> >>>> the gateway 192.168.1.3 (remember is the network card of the OpenBSD
> >>>> firewall connected to the Hub)
> >>>>
> >>>> Salutes,
> >>>> Mike
> >>>>
> >>>> Greg Thomas wrote:
> >>>>
> >>>>> This is a basic networking problem.  You need to post MUCH more info.
> >>>>> We'll assume NAT is running on your 192.168.0.1 router.
> >>>>>
> >>>>> A little drawing of your network with IPs of your workstations,
> >>>>> firewall, and router would help.  Either you have a typo below or you
> >>>>> don't understand TCP/IP, see my note below.  Need contents of
> >>>>> etc/mygate.  Results of netstat -rn.
> >>>>>
> >>>>> On 8/15/05, Mike Henker <[EMAIL PROTECTED]> wrote:
> >>>>>
> >>>>>
> >>>>>> I checked the file you said and is correct. I think the problem is what
> >>>>>> you said because if I do a ping and a messages appears saying "ping:
> >>>>>> unknow host http://www.openbsd.org"
> >>>>>>
> >>>>>> Perhaps giving the maximum info will understand better what I want to do.
> >>>>>>
> >>>>>> I installed OpenBSD 3.7
> >>>>>>
> >>>>>> I have a router at home and want to put a firewall between the router
> >>>>>> and the lan I have at home.
> >>>>>>
> >>>>>> The gateway (on the router is 192.168.0.1)
> >>>>>> The OpenBSD firewall I installed has 2 network cards
> >>>>>> - 192.168.0.3
> >>>>>> - 192.169.1.9
> >>>>>>
> >>>>>> Like the man afterboot says I enabled in /etc/sysctl.conf:
> >>>>>>
> >>>>>>           net.inet.ip.forwarding=1
> >>>>>>
> >>>>>> But seems not to work, because the machines in the intranet (my wife
> >>>>>> machines has the IP 192.168.1.20 for example) can't exit to Internet
> >>>>>>
> >>>>>
> >>>>>
> >>>>> You have 192.168.1.x in that last sentence but 192.169.1.x up above.
> >>>>> I assume you mean:
> >>>>>
> >>>>> 192.168.1.20  <->  192.168.1.9/192.168.0.3  <->  192.168.0.1  <->
> >>>>> internet
> >>>>>
> >>>>> Greg
> 
> 


-- 
"They allowed us to set up a separate division almost, that is physically,
geographically, psychologically and spiritually different from what Bill 
himself calls the Borg"
 - Peter Moore, V.P. in charge of Xbox 360 marketing at Microsoft.
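
An offline check of the two inputs this thread keeps returning to, the argument handed to ping and the contents of /etc/resolv.conf. This is an added example, not code from any poster; the function names `host_from_arg` and `check_resolv_conf` are hypothetical, the keyword list is taken from OpenBSD resolv.conf(5), and the sample input reproduces the resolv.conf lines as typed in the quoted 8/16 message.

```shell
#!/bin/sh
# Added example, not from the thread: offline checks, no network needed.

# host_from_arg ARG: reduce a URL-like argument to the bare host name that
# ping(8) and nslookup(1) expect (IPv4 addresses and names only).
host_from_arg() {
    h=$1
    h=${h#*://}     # drop a scheme such as "http://"
    h=${h%%/*}      # drop any path
    h=${h##*@}      # drop userinfo
    h=${h%%:*}      # drop a port
    printf '%s\n' "$h"
}

# check_resolv_conf < FILE: print one line per problem, return their count.
# Keywords are those documented in OpenBSD resolv.conf(5).
check_resolv_conf() {
    problems=0; servers=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f      # split on whitespace, no globbing
        [ $# -eq 0 ] && continue
        case $1 in
            \#*|\;*) ;;                   # comment line
            nameserver)
                if [ $# -ge 2 ]; then servers=$((servers + 1))
                else echo "line $n: nameserver has no address"
                     problems=$((problems + 1)); fi ;;
            lookup|domain|search|sortlist|options|family) ;;
            *)  echo "line $n: unknown keyword '$1'"
                problems=$((problems + 1)) ;;
        esac
    done
    if [ "$servers" -eq 0 ]; then
        echo "no usable nameserver line"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the resolv.conf lines as typed in the quoted message.
sample='lookup file bind
name server 194.224.52.6
name server 194.224.52.4'

host_from_arg 'http://www.google.com'
printf '%s\n' "$sample" | check_resolv_conf || echo "problems found: $?"
```

Run against the real file with `check_resolv_conf < /etc/resolv.conf`; a non-zero return means the resolver has nothing valid to query, which is worth ruling out before looking at routing or pf.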
