Hallo Misc.
I have a veeeryyy veeeryyy weird problem !!!
I will try to explain to you the best way I can.
I have small network. The Openbsd box (3.7 generic) is my firewall.
In 2 of my windows workstations I wont to have remote desktop. So I make a
pass in rule for the ports 65500 and 65501 and a rdr of these 2 ports 65500
to 1 ip at 3389 internal port and the 65501 to another ip in 3389.
It wont play from the outside world.
*Notice that the windows machines dont have a firewall and internally I can
log into remotely.
THIS IS THE WEIRD PART !
If i make the 65500 port 3389 and leave the rules for the 65501 INTACT it
will play immediately !!!!!!!
I tried also 50000 and 50001 and many other combinations as well and I had
the same problem again and again !
Only if i set a pass in and rdr on 3389 on one pc I will not experience a
problem !!!
*No services on my server will occupy the ports 65500 ot 65501 or the others
i tried.
A very experienced Openbsd person that I know tried to help me but he either
didnt understand why !
Do you have any idea why is this happening ? Is this a bug ?
Offcourse every time i was making changes to the pf i was doing
pfctl -F all
pfctl -f /etc/pf.conf
just to be sure and I even tried a reboot on the server to be sure its not
something with a stuck state or something like that ! Nothing worked !
Please help me !
Reports from the system follow below.
# pfctl -sn
nat on tun0 inet from 192.168.0.1 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.0.2 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.0.3 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.0.4 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.0.69 to any -> (tun0) round-robin
nat on tun0 inet from 192.168.0.227 to any -> (tun0) round-robin
rdr on tun0 inet proto tcp from any to (tun0) port = 3389 ->
192.168.0.1port 3389
rdr on tun0 inet proto tcp from any to (tun0) port = 65501 ->
192.168.0.2port 3389
# pfctl -sr
scrub in all fragment reassemble
block drop all
block drop in quick on ! tun0 inet from 213.5.99.213 to any
block drop in quick inet from 213.5.99.213 to any
pass in on tun0 inet proto tcp from any to (tun0) port = 15352 keep state
pass in on tun0 proto tcp from any to any port = 3389
pass in on tun0 proto tcp from any to any port = 65501
pass out on tun0 proto tcp all keep state
pass out on tun0 proto udp all keep state
pass out on tun0 proto icmp all keep state
pass in on rl0 inet from 192.168.0.0/24 to any
pass out on rl0 inet from any to 192.168.0.0/24
Dmesg :
OpenBSD 3.7 (GENERIC) #0: Wed Mar 29 04:41:11 EEST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Celeron ("GenuineIntel" 686-class, 128KB L2 cache) 534 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXS
R
real mem = 167354368 (163432K)
avail mem = 145965056 (142544K)
using 2068 buffers containing 8470528 bytes (8272K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(3d) BIOS, date 04/02/99, BIOS32 rev. 0 @ 0xfb330
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xb7ac
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdca0/128 (6 entries)
pcibios0: PCI Exclusive IRQs: 10 11
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443LX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443LX AGP" rev 0x03
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel
0 wi red to compatibility,
channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD100EB-00BHF0>
wd0: 16-sector PIO, LBA, 9541MB, 19541088 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82371AB Power Mgmt" rev 0x02 at pci0 dev 7 function 3 not configured
vga1 at pci0 dev 9 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
rl0 at pci0 dev 11 function 0 "Realtek 8139" rev 0x10: irq 10 address
00:e0:4c:0 7:ad:dc
rlphy0 at rl0 phy 0: RTL internal phy
vr0 at pci0 dev 15 function 0 "VIA Rhine/RhineII" rev 0x06: irq 11 address
00:80 :c8:e6:b0:b6
amphy0 at vr0 phy 8: Am79C873 10/100 PHY, rev. 0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask fb65 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
