Braden Mailloux wrote:
Adriaan wrote:
On 7/15/07, Braden Mailloux <[EMAIL PROTECTED]> wrote:
Dear Readers;
I've been using the log feature of pf and have found that, when
attempting to access my webserver via dns, that pf does not block any
traffic. I also added a log to my "block in quick from urpf-failed" and
that has returned no hits in the log.
The time that I had a similar issue, where tcpdump on pflog0 didn't
show anything, turned out to be a routing issue.
I had an authoritative-only nameserver in a DMZ and forgot to set its
default route to the IP address of the DMZ NIC of the OBSD firewall.
It didn't know how to route the replies to the outside and hence
nothing showed up on pflog0.
tcpdump is not limited to pflog0, you also can run it on a normal
interface. ;)
SSH in on the nameserver and run tcpdump on its NIC
tcpdump -ni fxp0 port domain
Check if you see a DNS request coming in
=Adriaan=
Dear Readers;
My nameserver's default route is set to the IP address of the DMZ NIC.
Also, when attempting to access my webserver via DNS from another
site, no DNS queries came through to my server while monitoring the
dump information on rl0 (my nameserver's nic).
Thanks;
Braden.
Dear Readers;
Ok, so I added these two lines to my pf.conf
rdr on rl0 proto udp from any to $pub_ns_a port domain -> $ns_a
rdr on rl0 proto udp from any to $pub_ns_b port domain -> $ns_b
Afterwards, while watching traffic on both my a and b server using
tcpdump -ni (my interface) port domain, my traffic now lights up with
domain requests. But, I still cannot seem to get on the internet with my
a server.
thanks;
Braden.
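An added pf.conf fragment (not from the thread) showing why an rdr rule by itself is not enough in the old-style pf syntax of this era: rdr only rewrites the destination, the filter rules are then evaluated against the translated address, and the DMZ host still needs outbound NAT for its own traffic. Interface names, the DMZ network and the addresses are assumptions; the address ranges are reserved documentation space.

```pf
# Assumed names for illustration; replace with your own.
ext_if  = "rl0"                # external interface (assumption)
dmz_if  = "fxp0"               # DMZ interface (assumption)
dmz_net = "192.0.2.0/24"       # constructed DMZ network
pub_ns_a = "198.51.100.10"     # constructed public address of nameserver a
ns_a     = "192.0.2.10"        # constructed DMZ address of nameserver a

# --- Translation section (evaluated before the filter rules) ---
# rdr changes the destination to the DMZ address but does NOT pass the packet.
rdr on $ext_if proto udp from any to $pub_ns_a port domain -> $ns_a
# Without outbound NAT the DMZ host can reach nothing on the Internet:
# its replies would leave with a private source address.
nat on $ext_if from $dmz_net to any -> ($ext_if)

# --- Filter section (evaluated against the translated addresses) ---
# Log the reverse-path check so a pflog0 capture shows whether it fires.
block in log quick from urpf-failed
block log all

# The query arrives on $ext_if already rewritten to $ns_a, so the pass rule
# must name the internal address, not the public one. keep state lets the
# reply and the forward on $dmz_if match the same floating state.
pass in quick on $ext_if proto udp from any to $ns_a port domain keep state
# Let DMZ hosts initiate their own outbound traffic (DNS, HTTP, updates).
pass out quick on $ext_if proto { tcp udp } from $dmz_net to any keep state

# Checks, from the firewall:
#   tcpdump -n -e -ttt -i pflog0        # only logged (here: blocked) packets appear
#   tcpdump -ni $dmz_if port domain     # did the redirected query leave toward ns_a?
#   pfctl -s state | grep domain        # was a state created for the query?
```

If pflog0 stays silent while tcpdump on $ext_if does show the query arriving, the packet is being dropped before or after pf rather than by it, which points back at routing or the translation rules.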