>       inet 10.0.0.0 netmask 0xff000000 broadcast 255.255.255.0

John

Without looking at anything else, that line jumps out at me.  Are you
certain that you want your broadcast set to '255.255.255.0'?  Sounds
like a netmask to me.

On Fri, Oct 05, 2007 at 02:48:00PM -0400, a.padilla wrote:
> ifconfig:
> 
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
>       groups: lo
>       inet6 ::1 prefixlen 128
>       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>       inet 127.0.0.1 netmask 0xff000000
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>       lladdr 00:18:4d:ea:33:0a
>       groups: egress
>       media: Ethernet autoselect (100baseTX full-duplex)
>       status: active
>       inet6 fe80::218:4dff:feea:330a%rl0 prefixlen 64 scopeid 0x1
>       inet 192.168.0.111 netmask 0xffffff00 broadcast 192.168.0.255
> dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>       lladdr 00:14:bf:53:1e:fe
>       media: Ethernet autoselect (100baseTX full-duplex)
>       status: active
>       inet6 fe80::214:bfff:fe53:1efe%dc0 prefixlen 64 scopeid 0x2
>       inet 10.0.0.0 netmask 0xff000000 broadcast 255.255.255.0
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
> enc0: flags=0<> mtu 1536
> 
> pfctl
> 
> TRANSLATION RULES:
> nat on rl0 inet from 10.0.0.0/8 to any -> (rl0) round-robin
> 
> FILTER RULES:
> pass quick all flags S/SA keep state
> No queue in use
> 
> STATES:
> all udp 239.255.255.250:1900 <- 192.168.0.1:1900       NO_TRAFFIC:SINGLE
> all udp 192.168.0.111:1026 <- 24.64.244.238:33603       NO_TRAFFIC:SINGLE
> all udp 192.168.0.111:1027 <- 24.64.244.238:33603       NO_TRAFFIC:SINGLE
> all udp 192.168.0.111:1028 <- 24.64.244.238:33603       NO_TRAFFIC:SINGLE
> 
> INFO:
> Status: Enabled for 0 days 00:25:29           Debug: Urgent
> 
> State Table                          Total             Rate
>   current entries                        4
>   searches                           19533           12.8/s
>   inserts                              126            0.1/s
>   removals                             122            0.1/s
> Counters
>   match                              13620            8.9/s
>   bad-offset                             0            0.0/s
>   fragment                               0            0.0/s
>   short                                  0            0.0/s
>   normalize                              0            0.0/s
>   memory                                 0            0.0/s
>   bad-timestamp                          0            0.0/s
>   congestion                             0            0.0/s
>   ip-option                              0            0.0/s
>   proto-cksum                           15            0.0/s
>   state-mismatch                         0            0.0/s
>   state-insert                           0            0.0/s
>   state-limit                            0            0.0/s
>   src-limit                              0            0.0/s
>   synproxy                               0            0.0/s
> 
> TIMEOUTS:
> tcp.first                   120s
> tcp.opening                  30s
> tcp.established           86400s
> tcp.closing                 900s
> tcp.finwait                  45s
> tcp.closed                   90s
> tcp.tsdiff                   30s
> udp.first                    60s
> udp.single                   30s
> udp.multiple                 60s
> icmp.first                   20s
> icmp.error                   10s
> other.first                  60s
> other.single                 30s
> other.multiple               60s
> frag                         30s
> interval                     10s
> adaptive.start             6000 states
> adaptive.end              12000 states
> src.track                     0s
> 
> LIMITS:
> states        hard limit    10000
> src-nodes     hard limit    10000
> frags         hard limit     5000
> tables        hard limit     1000
> table-entries hard limit   200000
> 
> TABLES:
> 
> OS FINGERPRINTS:
> 696 fingerprints loaded
> 
> I feel exposed.... ;)
> 
> On Oct 5, 2007, at 2:30 PM, Chad M Stewart wrote:
> 
> >Ok, so it is something more basic than filtering.  What is the  
> >output of the following
> >
> >ifconfig -A
> >
> >pfctl -s all
> >
> >sysctl -a|grep forward
> >
> >
> >How are the obsd box and the client connected, from a networking  
> >perspective?  Wired?  Hub/Switch?  direct with cross over cable?
> >
> >
> >-Chad
> >
> >On Oct 5, 2007, at 2:21 PM, a.padilla wrote:
> >
> >>I commented out "pass out keep state" and added, after the nat rule,
> >>pass quick all.  Still nothing.
> >>
> >>I can't even ping from the server the private IP which the client  
> >>has....
> >>
> >>I know the client is connected to the server, it shows up on
> >>dhcpd.leases.  Do you think it's my dhcpd server that's wrong?
> 
> 
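The broadcast mismatch pointed out in the reply can be checked mechanically. The following is an added example, not part of the original thread: it parses BSD-style `ifconfig` output, derives the broadcast address from each `inet` address and hex netmask, and reports disagreements. It goes one step beyond the reply by also flagging an interface address that equals the network address. The function name `audit_ifconfig` and the trimmed sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the rl0 and dc0 stanzas from the ifconfig output quoted above.
SAMPLE = """\
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      inet6 fe80::218:4dff:feea:330a%rl0 prefixlen 64 scopeid 0x1
      inet 192.168.0.111 netmask 0xffffff00 broadcast 192.168.0.255
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      inet 10.0.0.0 netmask 0xff000000 broadcast 255.255.255.0
"""

IFACE_RE = re.compile(r"^(\S+?): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})(?: broadcast (\S+))?")

def audit_ifconfig(text):
    """Return (interface, problem) tuples for inconsistent IPv4 settings."""
    findings = []
    iface = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)          # start of a new interface stanza
            continue
        m = INET_RE.match(line)         # "inet6" lines do not match "inet "
        if not m or iface is None:
            continue
        addr = ipaddress.IPv4Address(m.group(1))
        mask = ipaddress.IPv4Address(int(m.group(2), 16))
        try:
            # Build the network from the masked address and dotted netmask.
            net = ipaddress.IPv4Network((int(addr) & int(mask), str(mask)))
        except ValueError:
            findings.append((iface, f"netmask {mask} is not contiguous"))
            continue
        if net.prefixlen < 31 and addr == net.network_address:
            findings.append((iface, f"{addr} is the network address of {net}"))
        if m.group(3) is not None:
            bcast = ipaddress.IPv4Address(m.group(3))
            if bcast != net.broadcast_address:
                findings.append(
                    (iface, f"broadcast {bcast} should be {net.broadcast_address}"))
    return findings

if __name__ == "__main__":
    for iface, problem in audit_ifconfig(SAMPLE):
        print(f"{iface}: {problem}")
```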
