well that is how rdomains work, they are isolated from each other, pf
can break that isolation up. an sshd in rdomain 0 is not reachable
from another rdomain, unless pf is used to allow that - or something
external routes between them.

* Russell Garrison <russell.garri...@gmail.com> [2011-12-20 21:50]:
> I was inspired and realized you can do better with pf:
>
> pass in on em5 proto tcp to 192.168.235.12 port 22 \
>         rdr-to 192.168.163.1 rtable 0
>
> I am not using vlan and my interfaces have IP addresses assigned.
> 235.12 above is the management IP of the host in a non-zero rdomain
> and 163.1 is the IP of the host in rdomain 0 with sshd listener
> started. May still not be the best way, but I like this better than
> starting multiple sshd. That approach had an added problem that my tty
> would start in the rdomain local to where I connected, instead of
> using 0 as the default.
>
>
>
> On Tue, Dec 20, 2011 at 3:28 PM, Russell Garrison
> <russell.garri...@gmail.com> wrote:
> > I have found that I need to add something like:
> >
> > !route -T 2 exec /usr/sbin/sshd
> >
> > To the pertinent hostname.if file to make sure sshd is listening in
> > additional routing tables, but I do not know if this is best.
> >
> > On Mon, Dec 19, 2011 at 1:02 PM, Ilya Shipitsin
> > <chipits...@gmail.com> wrote:
> >> Hello.
> >>
> >> I'm running multihomed OpenBSD server:
> >>
> >> vlan5/carp5 - default
> >> vlan2/carp2 and vlan4/carp4 are connected to other ISPs.
> >>
> >> when there's no rdomain thing, everything seems to be working, except
> >> all outgoing packets go through vlan5/carp5.
> >>
> >>
> >> so, I did
> >>
> >> f2n0:/root#cat /etc/hostname.vlan2
> >> vlan 2 vlandev trunk0 mtu 1300
> >> up
> >>
> >> f2n0:/root#cat /etc/hostname.carp2
> >> vhid 62 pass m1pass carpdev vlan2 X.X.X.X/26 rdomain 2
> >> !/sbin/route -T 2 add 0.0.0.0/0 X.X.X.Z
> >> f2n0:/root#cat /etc/hostname.vlan4
> >> vlan 4 vlandev trunk0 mtu 1300
> >> up
> >>
> >> f2n0:/root#cat /etc/hostname.carp4
> >> vhid 64 pass m1pass carpdev vlan4 Y.Y.Y.Y/26 rdomain 4
> >> !/sbin/route -T 4 add 0.0.0.0/0 Y.Y.Y.Z
> >> f2n0:/root#
> >>
> >> also, I did
> >>
> >> f2n0:/root#grep -v ^# /etc/pf.conf
> >>
> >> set skip on lo
> >>
> >> pass in vlan2 rtable 2
> >> pass in vlan4 rtable 4
> >>
> >> pass
> >>
> >>
> >> "ping" is working well, packets go out via the appropriate interface.
> >> however, ssh ends with "tcp rst", for example.
> >> how might the reason for that "tcp rst" be detected?
> >>
> >> am I doing anything wrong with rdomains?
> >>
> >> Ilya Shipitsin
>

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully
Managed
Henning Brauer Consulting, http://henningbrauer.com/
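The point Henning makes above is that rdomains are isolated by default and every pf rule carrying `rdr-to ... rtable` or `rtable N` deliberately punches through that isolation. The following pf.conf is an added example, not configuration from anyone in the thread: it keeps the default isolation, keeps ISP traffic in its own routing table the way Ilya's rules do, and opens exactly one source-restricted, logged hole for management ssh in the style of Russell's rule. The interface names, addresses and the `<admins>` network are assumptions modelled on the thread and need replacing.

```pf
# Added example (not from the thread). Interfaces, addresses and the
# <admins> table are assumed values modelled on the messages above.

mgmt_if = "em5"                 # interface carrying the non-zero rdomain
mgmt_ip = "192.168.235.12"      # management address living in rdomain 2
sshd_ip = "192.168.163.1"       # address in rdomain 0 where sshd listens
table <admins> { 192.168.235.0/24 }   # hosts allowed to reach management ssh

set skip on lo

# Default deny, logged: a packet that crosses rdomains without a matching
# rule shows up on pflog0 instead of ending in an unexplained "tcp rst".
block log all

# Traffic arriving on the ISP interfaces stays in its own rtable, so the
# replies leave through the same ISP they came in on.
pass in on vlan2 rtable 2
pass in on vlan4 rtable 4

# The one deliberate hole in the isolation: ssh to the management IP is
# redirected to the rdomain-0 listener and routed via table 0. Restricted
# to <admins> and logged, because this rule is what Henning warns about.
pass in log on $mgmt_if proto tcp from <admins> to $mgmt_ip port 22 \
        rdr-to $sshd_ip rtable 0

# Whatever the rdomain-0 interface itself needs (assumed: ssh only).
pass in on vlan5 proto tcp to $sshd_ip port 22
pass out
```

Syntax-check with `pfctl -nf /etc/pf.conf` before loading, watch the logged blocks with `tcpdump -n -e -ttt -i pflog0` when a connection dies with a RST, and compare the routing tables with `route -T 2 show` and `route -T 0 show` to confirm the reply path the `rtable` keyword selects actually exists.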
