Sorry, forgot to CC myself. (Is this the only way to get a reply from the list?)

> On Oct 17, 2024, at 19:24, Qingyao Sun <sunqingyao19970...@icloud.com> wrote:
> 
> Dear List,
> 
> I am a Ph.D. student at Cornell ORIE. I saw a Dell Optiplex 7050 SFF lying 
> around in our department and decided to install OpenBSD on it. The machine 
> does not have WiFi connectivity, but there is an RJ45 Ethernet jack, so I 
> plugged a cable in, and wrote a standard hostname.em0
> 
> werebane# cat /etc/hostname.em0
> inet autoconf
> inet6 autoconf
> 
> After “doas /etc/netstart”, the output of ifconfig looks fine
> 
> werebane# ifconfig
> lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
>         index 3 priority 0 llprio 3
>         groups: lo
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>         inet 127.0.0.1 netmask 0xff000000
> em0: flags=a48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6TEMP,AUTOCONF6,AUTOCONF4> mtu 1500
>         lladdr 54:bf:64:5d:02:be
>         index 1 priority 0 llprio 3
>         groups: egress
>         media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>         status: active
>         inet6 fe80::56bf:64ff:fe5d:2be%em0 prefixlen 64 scopeid 0x1
>         inet 10.236.181.231 netmask 0xffffff00 broadcast 10.236.181.255
> enc0: flags=0<>
>         index 2 priority 0 llprio 3
>         groups: enc
>         status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
>         index 4 priority 0 llprio 3
>         groups: pflog
> 
> In fact, I can ping and traceroute google.com without any problem
> 
> werebane# ping -c 4 google.com
> PING google.com (132.236.61.7): 56 data bytes
> 64 bytes from 132.236.61.7: icmp_seq=0 ttl=61 time=0.737 ms
> 64 bytes from 132.236.61.7: icmp_seq=1 ttl=61 time=0.653 ms
> 64 bytes from 132.236.61.7: icmp_seq=2 ttl=61 time=0.738 ms
> 64 bytes from 132.236.61.7: icmp_seq=3 ttl=61 time=0.646 ms
> 
> --- google.com ping statistics ---
> 4 packets transmitted, 4 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.646/0.693/0.738/0.044 m
> 
> werebane# traceroute -n google.com
> traceroute to google.com (132.236.61.7), 64 hops max, 40 byte packets
>  1  * 132.236.181.1  7.108 ms  1.274 ms
>  2  132.236.222.161  0.443 ms 128.253.222.161  0.524 ms  0.305 ms
>  3  128.253.222.114  0.572 ms 132.236.222.110  0.671 ms 128.253.222.114  0.735 ms
>  4  132.236.61.7  0.703 ms  0.688 ms  0.673 m
> 
> However, I got a “Connection refused” error when trying to install packages
> 
> werebane# pkg_add curl      
> https://cdn.openbsd.org/pub/OpenBSD/7.6/packages-stable/amd64/: ftp: connect: Connection refused
> https://cdn.openbsd.org/pub/OpenBSD/7.6/packages/amd64/: ftp: connect: Connection refused
> https://cdn.openbsd.org/pub/OpenBSD/7.6/packages/amd64/: empty
> Can't find curl
> 
> What about another mirror? Still connection refused
> 
> werebane$ doas pkg_add -vvvvv curl
> ftp://ftp.usa.openbsd.org/pub/OpenBSD/7.6/packages-stable/amd64/: ftp: connect: Connection refused
> ftp: Can't connect or login to host `ftp.usa.openbsd.org'
> ^Cpkg_add: Caught SIGINT
> 
> Besides FTP (port 21), I also cannot use SSH or access websites via HTTPS 
> (port 443). However, I can somehow connect to HTTP (port 80) on remote 
> servers.
> 
> werebane# nc -z google.com 80; echo $?                      
> Connection to google.com (132.236.61.7) 80 port [tcp/www] succeeded!
> 0
> werebane# pfctl -d; nc -z google.com 443; echo $?; pfctl -e 
> pf disabled
> 1
> pf enabled
> 
> Here is the dmesg
> 
> https://pastebin.com/fxsva5PZ
> 
> 
> I’m also attaching the output of tcpdump in case it helps
> 
> werebane# tcpdump -ntvvqX -s 1440 -i em0 host google.com
> tcpdump: listening on em0, link-type EN10MB
> 10.236.181.231.28027 > 132.236.61.7.443: tcp 0 (DF) (ttl 64, id 2873, len 64)
>   0000: 4500 0040 0b39 4000 4006 acb8 0aec b5e7  E..@.9@.@.......
>   0010: 84ec 3d07 6d7b 01bb 1ee5 d762 0000 0000  ..=.m{.....b....
>   0020: b002 4000 82f9 0000 0204 05b4 0101 0402  ..@.............
>   0030: 0103 0306 0101 080a b61e 9643 0000 0000  ...........C....
> 
> 132.236.61.7.443 > 10.236.181.231.28027: tcp 0 (DF) (ttl 61, id 0, len 40)
>   0000: 4500 0028 0000 4000 3d06 bb09 84ec 3d07  E..(..@.=.....=.
>   0010: 0aec b5e7 01bb 6d7b 0000 0000 1ee5 d763  ......m{.......c
>   0020: 5014 0000 c78a 0000 0000 0000 0000       P.............
> 
> 10.236.181.231.48663 > 132.236.61.7.443: tcp 0 (DF) (ttl 64, id 3818, len 64)
>   0000: 4500 0040 0eea 4000 4006 a907 0aec b5e7  E..@..@.@.......
>   0010: 84ec 3d07 be17 01bb def3 7e7a 0000 0000  ..=.......~z....
>   0020: b002 4000 82f9 0000 0204 05b4 0101 0402  ..@.............
>   0030: 0103 0306 0101 080a 9885 1905 0000 0000  ................
> 
> 132.236.61.7.443 > 10.236.181.231.48663: tcp 0 (DF) (ttl 61, id 0, len 40)
>   0000: 4500 0028 0000 4000 3d06 bb09 84ec 3d07  E..(..@.=.....=.
>   0010: 0aec b5e7 01bb be17 0000 0000 def3 7e7b  ..............~{
>   0020: 5014 0000 0fc8 0000 0000 0000 0000       P.............
> 
> 10.236.181.231 > 132.236.61.7: icmp: 8 0 [icmp cksum ok] (ttl 255, id 33893, len 84)
>   0000: 4500 0054 8465 0000 ff01 b47c 0aec b5e7  E..T.e.....|....
>   0010: 84ec 3d07 0800 dfab b582 0000 8ee7 3453  ..=...........4S
>   0020: 7f97 a013 eee5 a00c ad96 8f97 2107 4942  ............!.IB
>   0030: f44b e2b2 1819 1a1b 1c1d 1e1f 2021 2223  .K.......... !"#
>   0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
>   0050: 3435 3637                                4567
> 
> 132.236.61.7 > 10.236.181.231: icmp: 0 0 [icmp cksum ok] (ttl 61, id 52978, len 84)
>   0000: 4500 0054 cef2 0000 3d01 2bf0 84ec 3d07  E..T....=.+...=.
>   0010: 0aec b5e7 0000 e7ab b582 0000 8ee7 3453  ..............4S
>   0020: 7f97 a013 eee5 a00c ad96 8f97 2107 4942  ............!.IB
>   0030: f44b e2b2 1819 1a1b 1c1d 1e1f 2021 2223  .K.......... !"#
>   0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
>   0050: 3435 3637                                4567
> 
> Initially I thought this might be due to some firewall configuration in our 
> department, but that is unlikely because I’m trying to access ports on 
> *remote* machines. Moreover, another Windows machine connecting to the same 
> network switch has no problem accessing websites via HTTPS.
> 
> How do I connect to ports other than 80 on remote machines? Any thoughts are 
> appreciated!
> 
> 
> Bests,
> Qingyao
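
Added example, not part of the original post: a short Python decoder for the first two packets of the tcpdump output quoted above, whose summary lines show only `tcp 0`, so the TCP flags have to be read from the hex dump. The function names are illustrative; the packet bytes are copied from the post.

```python
import re
import struct

# First two packets copied from the tcpdump -X output in the post.
CAPTURE = """
  0000: 4500 0040 0b39 4000 4006 acb8 0aec b5e7  E..@.9@.@.......
  0010: 84ec 3d07 6d7b 01bb 1ee5 d762 0000 0000  ..=.m{.....b....
  0020: b002 4000 82f9 0000 0204 05b4 0101 0402  ..@.............
  0030: 0103 0306 0101 080a b61e 9643 0000 0000  ...........C....

  0000: 4500 0028 0000 4000 3d06 bb09 84ec 3d07  E..(..@.=.....=.
  0010: 0aec b5e7 01bb 6d7b 0000 0000 1ee5 d763  ......m{.......c
  0020: 5014 0000 c78a 0000 0000 0000 0000       P.............
"""
HEX_ROW = re.compile(r"^\s*[0-9a-f]{4}:\s((?:[0-9a-f]{2,4} ?)+)")
FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def packets_from_dump(text):
    """Rebuild raw packets from hex rows; offset 0000 starts a new packet."""
    packets = []
    for line in text.splitlines():
        m = HEX_ROW.match(line)
        if m and (line.lstrip().startswith("0000:") or not packets):
            packets.append(b"")
        if m:
            packets[-1] += bytes.fromhex(m.group(1).replace(" ", ""))
    return packets

def decode_tcp(pkt):
    """Decode the IPv4/TCP header fields needed to read a handshake."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4 TCP packet")
    ihl = (pkt[0] & 0x0F) * 4  # IPv4 header length in bytes
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return {"src": ".".join(map(str, pkt[12:16])), "sport": sport,
            "dst": ".".join(map(str, pkt[16:20])), "dport": dport,
            "ttl": pkt[8], "ip_id": int.from_bytes(pkt[4:6], "big"),
            "seq": seq, "ack": ack,
            "flags": [name for bit, name in FLAGS if off_flags & bit]}

def answers_syn(syn, reply):
    """True if reply is a reset for exactly this SYN (mirrored ports, ack = seq + 1)."""
    return ("RST" in reply["flags"] and reply["ack"] == (syn["seq"] + 1) % 2**32
            and (reply["sport"], reply["dport"]) == (syn["dport"], syn["sport"]))

if __name__ == "__main__":
    for p in map(decode_tcp, packets_from_dump(CAPTURE)):
        print(p["src"], p["sport"], ">", p["dst"], p["dport"], p["flags"], "ttl", p["ttl"])
```

Decoded, the outgoing segment is a plain SYN and the reply is RST|ACK acknowledging that SYN's sequence number plus one, arriving with TTL 61, the same TTL as the ICMP echo reply in the capture.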

