Dear Readers;

I'm using OpenBSD 4.1 with the GENERIC kernel.

Here is my dmesg:
# dmesg
OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 552 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 536428544 (523856K)
avail mem = 481763328 (470472K)
using 4278 buffers containing 26943488 bytes (26312K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 05/19/00, BIOS32 rev. 0 @ 0xf06c0, SMBIOS rev. 2.3 @ 0xf1f50 (45 entries)
bios0: ASUSTeK Computer INC. <P3B-F>
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xf22
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf0e80/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:04:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Rage Pro" rev 0x5c
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 4 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 4 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD800BB-00CAA1>
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <PLEXTOR, CD-R PX-W5224A, 1.02> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 4 function 2 "Intel 82371AB USB" rev 0x01: irq 12
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
piixpm0 at pci0 dev 4 function 3 "Intel 82371AB Power" rev 0x02: SMI
iic0 at piixpm0
lm1 at iic0 addr 0x2d: AS99127F
rl0 at pci0 dev 11 function 0 "Accton MPX 5030/5038" rev 0x10: irq 10, address 00:10:b5:8d:0c:e8
rlphy0 at rl0 phy 0: RTL internal PHY

My ifconfig:

# ifconfig -A
# loopback and pflog omitted
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 00:10:b5:8d:0c:e8
       groups: egress
       media: Ethernet autoselect (100baseTX full-duplex)
       status: active
       inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
       inet6 fe80::210:b5ff:fe8d:ce8%rl0 prefixlen 64 scopeid 0x1

My resolv.conf:
nameserver 208.201.224.11
nameserver 208.201.224.33

My name server, a.ns.theamericanbray.com, is having issues resolving any DNS-related matters: dig returns a timeout error, and an nslookup from a workstation at another site also times out when checking the status of theamericanbray.com. My other name server, b.ns.theamericanbray.com, has no problems with dig, but nslookup from a different site doesn't seem to receive any answers from that name server. The software being used is djbdns, and my data file looks like this:

.theamericanbray.com:64.142.102.9:a:259200
.theamericanbray.com:64.142.102.10:b:259200
=www.theamericanbray.com:64.142.102.11:86400
+www.theamericanbray.com:64.142.102.11

I'm also using a pf firewall to distribute and manage my internet connection.
My pf.conf is as follows:

# 192.168.0.1 subnet
ext_ip="64.142.102.8"
int_ip="192.168.0.1"
int_block="192.168.0.0/24"
#DMZ subnet
#Interface
dmz_ip="192.168.1.1"
dmz_block="192.168.1.0/24"
#DNS 1
ns_a="192.168.1.2"
pub_ns_a="64.142.102.9"
#DNS 2
ns_b="192.168.1.3"
pub_ns_b="64.142.102.10"
#WWW 1
www_ip="192.168.1.4"
pub_www="64.142.102.11"
#DMZ Services
services="{ domain, www, smtp, }"

#Normalizing
scrub in all

set skip on lo0

#NAT and Binat
nat on rl0 from $int_block to any -> $ext_ip
binat on rl0 from $ns_a to any -> $pub_ns_a
binat on rl0 from $ns_b to any -> $pub_ns_b
binat on rl0 from $www_ip to any -> $pub_www

#Redirection
rdr on rl1 proto tcp from any to $pub_www port 80 -> $www_ip

#Default block policy
block log all

#Anti-spoofing
block in quick from urpf-failed

#rl0 traffic
pass on rl0 proto icmp all
pass in on rl0 proto { tcp, udp } from any to { $ns_a, $ns_b } port domain
pass in on rl0 proto tcp from any to $ext_ip port ftp
pass in on rl0 proto tcp from any to { $ext_ip, $www_ip } port { 80, 443 }
pass in on rl0 proto tcp from any to { $pub_ns_b, $pub_www, $pub_ns_a, $ext_ip } port 123
pass out on rl0 proto tcp from { $ext_ip, $pub_www} to any port { 80, 443 }
pass out quick on rl0 proto udp from { $pub_ns_b, $pub_ns_a, $pub_www, $ext_ip } to any port domain
pass out on rl0 proto tcp from $ext_ip to any port ftp
pass out on rl0 proto udp from { $pub_ns_b, $pub_ns_a } to any port domain
pass out on rl0 proto tcp from { $pub_ns_b, $pub_www, $pub_ns_a, $ext_ip } to any port 123
pass out on rl0 proto tcp from any to 207.212.58.16 port 110

#rl1 traffic
pass quick on rl1

#vr0 traffic
pass quick on vr0

I've been watching pflog0 with tcpdump and have seen no blocked DNS traffic in or out.

Anyhow, if anyone has some further insight into these issues, your help is much appreciated.

Thank you,
Braden.
