> inet 10.0.0.0 netmask 0xff000000 broadcast 255.255.255.0 John
Without looking at anything else, that line jumps out at me. Are you certain that you want your broadcast set to '255.255.255.0'? Sounds like a netmask to me.

On Fri, Oct 05, 2007 at 02:48:00PM -0400, a.padilla wrote:
> ifconfig:
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
>         groups: lo
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>         inet 127.0.0.1 netmask 0xff000000
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:18:4d:ea:33:0a
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::218:4dff:feea:330a%rl0 prefixlen 64 scopeid 0x1
>         inet 192.168.0.111 netmask 0xffffff00 broadcast 192.168.0.255
> dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:14:bf:53:1e:fe
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::214:bfff:fe53:1efe%dc0 prefixlen 64 scopeid 0x2
>         inet 10.0.0.0 netmask 0xff000000 broadcast 255.255.255.0
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
> enc0: flags=0<> mtu 1536
>
> pfctl
>
> TRANSLATION RULES:
> nat on rl0 inet from 10.0.0.0/8 to any -> (rl0) round-robin
>
> FILTER RULES:
> pass quick all flags S/SA keep state
> No queue in use
>
> STATES:
> all udp 239.255.255.250:1900 <- 192.168.0.1:1900 NO_TRAFFIC:SINGLE
> all udp 192.168.0.111:1026 <- 24.64.244.238:33603 NO_TRAFFIC:SINGLE
> all udp 192.168.0.111:1027 <- 24.64.244.238:33603 NO_TRAFFIC:SINGLE
> all udp 192.168.0.111:1028 <- 24.64.244.238:33603 NO_TRAFFIC:SINGLE
>
> INFO:
> Status: Enabled for 0 days 00:25:29           Debug: Urgent
>
> State Table                          Total             Rate
>   current entries                        4
>   searches                           19533           12.8/s
>   inserts                              126            0.1/s
>   removals                             122            0.1/s
> Counters
>   match                              13620            8.9/s
>   bad-offset                             0            0.0/s
>   fragment                               0            0.0/s
>   short                                  0            0.0/s
>   normalize                              0            0.0/s
>   memory                                 0            0.0/s
>   bad-timestamp                          0            0.0/s
>   congestion                             0            0.0/s
>   ip-option                              0            0.0/s
>   proto-cksum                           15            0.0/s
>   state-mismatch                         0            0.0/s
>   state-insert                           0            0.0/s
>   state-limit                            0            0.0/s
>   src-limit                              0            0.0/s
>   synproxy                               0            0.0/s
>
> TIMEOUTS:
> tcp.first                   120s
> tcp.opening                  30s
> tcp.established           86400s
> tcp.closing                 900s
> tcp.finwait                  45s
> tcp.closed                   90s
> tcp.tsdiff                   30s
> udp.first                    60s
> udp.single                   30s
> udp.multiple                 60s
> icmp.first                   20s
> icmp.error                   10s
> other.first                  60s
> other.single                 30s
> other.multiple               60s
> frag                         30s
> interval                     10s
> adaptive.start             6000 states
> adaptive.end              12000 states
> src.track                     0s
>
> LIMITS:
> states        hard limit    10000
> src-nodes     hard limit    10000
> frags         hard limit     5000
> tables        hard limit     1000
> table-entries hard limit   200000
>
> TABLES:
>
> OS FINGERPRINTS:
> 696 fingerprints loaded
>
> I feel exposed.... ;)
>
> On Oct 5, 2007, at 2:30 PM, Chad M Stewart wrote:
>
> >Ok, so it is something more basic than filtering. What is the
> >output of the following
> >
> >ifconfig -A
> >
> >pfctl -s all
> >
> >sysctl -a|grep forward
> >
> >
> >How are the obsd box and the client connected, from a networking
> >perspective? Wired? Hub/Switch? direct with cross over cable?
> >
> >
> >-Chad
> >
> >On Oct 5, 2007, at 2:21 PM, a.padilla wrote:
> >
> >>I commented out "pass out keep state" and added, after the nat rule,
> >>pass quick all. Still nothing.
> >>
> >>I can't even ping from the server the private IP which the client
> >>has....
> >>
> >>I know the client is connected to the server, it shows up on
> >>dhcpd.leases. Do you think it's my dhcpd server that's wrong?
> >
>
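
As an added example (not part of the original thread), the following Python check looks for the inconsistency John points out, run over the IPv4 lines of the ifconfig output quoted above. The function names are hypothetical, the sample is retyped from the quoted output, and the network-address check goes beyond what the thread discusses.

```python
import ipaddress
import re

# Constructed sample: interface and IPv4 lines retyped from the ifconfig output in the thread.
SAMPLE = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet 127.0.0.1 netmask 0xff000000
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.111 netmask 0xffffff00 broadcast 192.168.0.255
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.0 netmask 0xff000000 broadcast 255.255.255.0
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{1,8})(?: broadcast (\S+))?")


def looks_like_netmask(value):
    """True if the 32-bit value is a run of 1 bits followed only by 0 bits."""
    inverted = ~value & 0xFFFFFFFF
    return value != 0 and (inverted & (inverted + 1)) == 0


def check_ifconfig(text):
    """Return (interface, problem) tuples for inconsistent IPv4 settings."""
    findings, iface = [], None
    for line in text.splitlines():
        if m := IFACE_RE.match(line):
            iface = m.group(1)
        elif m := INET_RE.match(line):
            addr = ipaddress.IPv4Address(m.group(1))
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            # Raises NetmaskValueError if the mask bits are not contiguous.
            net = ipaddress.IPv4Interface(f"{addr}/{mask}").network
            if m.group(3):
                bcast = ipaddress.IPv4Address(m.group(3))
                if bcast != net.broadcast_address:
                    hint = " (value is itself a valid netmask)" if looks_like_netmask(int(bcast)) else ""
                    findings.append((iface, f"broadcast {bcast} should be {net.broadcast_address}{hint}"))
            # Extra check, not raised in the thread: host address equal to the subnet's network address.
            if net.prefixlen < 31 and addr == net.network_address:
                findings.append((iface, f"address {addr} is the network address of {net}"))
    return findings


if __name__ == "__main__":
    for iface, problem in check_ifconfig(SAMPLE):
        print(f"{iface}: {problem}")
```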