ifconfig:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
	groups: lo
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
	inet 127.0.0.1 netmask 0xff000000
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:18:4d:ea:33:0a
	groups: egress
	media: Ethernet autoselect (100baseTX full-duplex)
	status: active
	inet6 fe80::218:4dff:feea:330a%rl0 prefixlen 64 scopeid 0x1
	inet 192.168.0.111 netmask 0xffffff00 broadcast 192.168.0.255
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:14:bf:53:1e:fe
	media: Ethernet autoselect (100baseTX full-duplex)
	status: active
	inet6 fe80::214:bfff:fe53:1efe%dc0 prefixlen 64 scopeid 0x2
	inet 10.0.0.0 netmask 0xff000000 broadcast 255.255.255.0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
enc0: flags=0<> mtu 1536
pfctl
TRANSLATION RULES:
nat on rl0 inet from 10.0.0.0/8 to any -> (rl0) round-robin
FILTER RULES:
pass quick all flags S/SA keep state
No queue in use
STATES:
all udp 239.255.255.250:1900 <- 192.168.0.1:1900 NO_TRAFFIC:SINGLE
all udp 192.168.0.111:1026 <- 24.64.244.238:33603 NO_TRAFFIC:SINGLE
all udp 192.168.0.111:1027 <- 24.64.244.238:33603 NO_TRAFFIC:SINGLE
all udp 192.168.0.111:1028 <- 24.64.244.238:33603 NO_TRAFFIC:SINGLE
INFO:
Status: Enabled for 0 days 00:25:29 Debug: Urgent
State Table Total Rate
current entries 4
searches 19533 12.8/s
inserts 126 0.1/s
removals 122 0.1/s
Counters
match 13620 8.9/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 15 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 6000 states
adaptive.end 12000 states
src.track 0s
LIMITS:
states hard limit 10000
src-nodes hard limit 10000
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 200000
TABLES:
OS FINGERPRINTS:
696 fingerprints loaded
I feel exposed.... ;)
On Oct 5, 2007, at 2:30 PM, Chad M Stewart wrote:
Ok, so it is something more basic than filtering. What is the
output of the following:
ifconfig -A
pfctl -s all
sysctl -a|grep forward
How are the obsd box and the client connected, from a networking
perspective? Wired? Hub/Switch? Direct with crossover cable?
-Chad
On Oct 5, 2007, at 2:21 PM, a.padilla wrote:
I commented out "pass out keep state" and added, after the nat rule,
pass quick all. Still nothing.
I can't even ping from the server the private IP which the client
has....
I know the client is connected to the server, it shows up on
dhcpd.leases. Do you think it's my dhcpd server that's wrong?