Dear List,
I am a Ph.D. student at Cornell ORIE. I saw a Dell Optiplex 7050 SFF lying
around in our department and decided to install OpenBSD on it. The machine does
not have WiFi connectivity, but there is an RJ45 Ethernet jack, so I plugged a
cable in, and wrote a standard hostname.em0
werebane# cat /etc/hostname.em0
inet autoconf
inet6 autoconf
After “doas /etc/netstart”, The output of ifconfig looks fine
werebane# ifconfig
lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
index 3 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
em0:
flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4>
mtu 1500
lladdr 54:bf:64:5d:02:be
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet6 fe80::56bf:64ff:fe5d:2be%em0 prefixlen 64 scopeid 0x1
inet 10.236.181.231 netmask 0xffffff00 broadcast 10.236.181.255
enc0: flags=0<>
index 2 priority 0 llprio 3
groups: enc
status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
index 4 priority 0 llprio 3
groups: pflog
In fact, I can ping and traceroute google.com <http://google.com/> without any
problem
werebane# ping -c 4 google.com
PING google.com (132.236.61.7): 56 data bytes
64 bytes from 132.236.61.7: icmp_seq=0 ttl=61 time=0.737 ms
64 bytes from 132.236.61.7: icmp_seq=1 ttl=61 time=0.653 ms
64 bytes from 132.236.61.7: icmp_seq=2 ttl=61 time=0.738 ms
64 bytes from 132.236.61.7: icmp_seq=3 ttl=61 time=0.646 ms
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.646/0.693/0.738/0.044 m
werebane# traceroute -n google.com
traceroute to google.com (132.236.61.7), 64 hops max, 40 byte packets
1 * 132.236.181.1 7.108 ms 1.274 ms
2 132.236.222.161 0.443 ms 128.253.222.161 0.524 ms 0.305 ms
3 128.253.222.114 0.572 ms 132.236.222.110 0.671 ms 128.253.222.114 0.735
ms
4 132.236.61.7 0.703 ms 0.688 ms 0.673 m
However, I got a “Connection refused” error when trying to install packages
werebane# pkg_add curl
https://cdn.openbsd.org/pub/OpenBSD/7.6/packages-stable/amd64/: ftp: connect:
Connection refused
https://cdn.openbsd.org/pub/OpenBSD/7.6/packages/amd64/: ftp: connect:
Connection refused
https://cdn.openbsd.org/pub/OpenBSD/7.6/packages/amd64/: empty
Can't find curl
What about another mirror? Still connection refused
werebane$ doas pkg_add -vvvvv curl
ftp://ftp.usa.openbsd.org/pub/OpenBSD/7.6/packages-stable/amd64/: ftp: connect:
Connection refused
ftp: Can't connect or login to host `ftp.usa.openbsd.org'
^Cpkg_add: Caught SIGINT
Besides FTP (port 21), I also cannot use SSH or access websites via HTTPS (port
443). However, I can somehow connect to HTTP (port 80) on remote servers.
werebane# nc -z google.com 80; echo $?
Connection to google.com (132.236.61.7) 80 port [tcp/www] succeeded!
0
werebane# pfctl -d; nc -z google.com 443; echo $?; pfctl -e
pf disabled
1
pf enabled
Here is the dmesg
https://pastebin.com/fxsva5PZ
I’m also attaching the output of tcpdump in case it helps
werebane# tcpdump -ntvvqX -s 1440 -i em0 host google.com
tcpdump: listening on em0, link-type EN10MB
10.236.181.231.28027 > 132.236.61.7.443: tcp 0 (DF) (ttl 64, id 2873, len 64)
0000: 4500 0040 0b39 4000 4006 acb8 0aec b5e7 E..@.9@.@.......
0010: 84ec 3d07 6d7b 01bb 1ee5 d762 0000 0000 ..=.m{.....b....
0020: b002 4000 82f9 0000 0204 05b4 0101 0402 ..@.............
0030: 0103 0306 0101 080a b61e 9643 0000 0000 ...........C....
132.236.61.7.443 > 10.236.181.231.28027: tcp 0 (DF) (ttl 61, id 0, len 40)
0000: 4500 0028 0000 4000 3d06 bb09 84ec 3d07 E..(..@.=.....=.
0010: 0aec b5e7 01bb 6d7b 0000 0000 1ee5 d763 ......m{.......c
0020: 5014 0000 c78a 0000 0000 0000 0000 P.............
10.236.181.231.48663 > 132.236.61.7.443: tcp 0 (DF) (ttl 64, id 3818, len 64)
0000: 4500 0040 0eea 4000 4006 a907 0aec b5e7 E..@..@.@.......
0010: 84ec 3d07 be17 01bb def3 7e7a 0000 0000 ..=.......~z....
0020: b002 4000 82f9 0000 0204 05b4 0101 0402 ..@.............
0030: 0103 0306 0101 080a 9885 1905 0000 0000 ................
132.236.61.7.443 > 10.236.181.231.48663: tcp 0 (DF) (ttl 61, id 0, len 40)
0000: 4500 0028 0000 4000 3d06 bb09 84ec 3d07 E..(..@.=.....=.
0010: 0aec b5e7 01bb be17 0000 0000 def3 7e7b ..............~{
0020: 5014 0000 0fc8 0000 0000 0000 0000 P.............
10.236.181.231 > 132.236.61.7: icmp: 8 0 [icmp cksum ok] (ttl 255, id 33893,
len 84)
0000: 4500 0054 8465 0000 ff01 b47c 0aec b5e7 E..T.e.....|....
0010: 84ec 3d07 0800 dfab b582 0000 8ee7 3453 ..=...........4S
0020: 7f97 a013 eee5 a00c ad96 8f97 2107 4942 ............!.IB
0030: f44b e2b2 1819 1a1b 1c1d 1e1f 2021 2223 .K.......... !"#
0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0050: 3435 3637 4567
132.236.61.7 > 10.236.181.231: icmp: 0 0 [icmp cksum ok] (ttl 61, id 52978, len
84)
0000: 4500 0054 cef2 0000 3d01 2bf0 84ec 3d07 E..T....=.+...=.
0010: 0aec b5e7 0000 e7ab b582 0000 8ee7 3453 ..............4S
0020: 7f97 a013 eee5 a00c ad96 8f97 2107 4942 ............!.IB
0030: f44b e2b2 1819 1a1b 1c1d 1e1f 2021 2223 .K.......... !"#
0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0050: 3435 3637 4567
Initially I thought this might be due to some firewall configuration in our
department, but that is unlikely because I’m trying to access ports on *remote*
machines. Moreover, another Windows machine connecting to the same network
switch have no problem accessing websites via HTTPS.
How do I connect to ports other than 80 on remote machines? Any thoughts are
appreciated!
Bests,
Qingyao
