Comments:
<0> Can anyone point me to an example of starting a daemon on boot? I'm cribbing the old netatalk daemon startup into rc.local and not getting the result I am expecting
<1> hi
<2> heya
<3> evening, I think I'm missing something. I'm setting up an OpenBSD system as gateway. I can ping the outside from the box, but not thru the box
<4> are you using pf?
<3> yes, but it's set to allow all for the moment
<4> NAT?
<3> I've also set net.inet.ip.forwarding=1
<3> right, nat.. haven't checked that one
<4> assuming this is a gateway to the internet, then unless all your local boxes have static IPs, you will need NAT
<3> output from pfctl -sn : nat on ppp0 inet from 192.168.52.0/24 to any -> (ppp0) round-robin
<4> make sure you alter the sysctl in /etc/sysctl.conf as well as manually otherwise it will go back to 0 on reboot
<4> is the box you are pinging from in 192.168.52.0/24?
<3> yes, it is
<4> and you are testing by pinging an external IP?
<4> not a hostname
<3> yeah, I can ping the obsd box from my mac and the internet from the internet box. just not the internet from my mac
<4> you are testing using an IP on the internet?
<4> not relying on DNS?
<3> I'm upgrading from obsd 3.4 to 3.8 and copied over the /etc/pf.conf
<3> no, pinging a direct ip address
<4> okay
<4> is pf definitely enabled?
<4> pfctl -e
<3> I don't know where the "round-robin" comes from, it isn't in my pf.conf
<4> it is a default
<4> don't worry about it, that nat rule is fine
<3> right, pfctl -e did the trick
<4> just make sure pf is enabled
<4> and if it is
<4> try with an absolutely minimal pf.conf
<4> also check your clients have the correct default route
<4> absolutely minimal == nat line and "pass all"
<3> it started working after "pfctl -e". I forgot to set "pf=YES" in /etc/rc.conf
<4> okay
<3> going to reboot the box now and see if it comes up correctly
<3> one quick question.. where would be the correct place to call pptp-reconnect to fire up the pptp connection to the internet? rc.network or rc.local?
<4> there isn't an rc.network
<4> i'd likely do it in rc.local
<3> ok, thanks :)
<4> if you make sure to use ()s in pf.conf then IP changes will be fine
<4> you can also use ! commands in hostname.if for some things
<4> not sure if they are suitable for this
<3> from pf.conf: nat on $externif from $smurfnet to any -> ($externif)
<4> you can use things like :network instead of hardcoding them too
<3> :network?
<4> yep
<3> I'll rtfm on that later ;) now a reboot to check if the system will come up correctly
<3> complete bootup went like a charm, thanks a lot, NicM!
<4> no probs
<3> any good reason to upgrade from 3.8 to 3.9? I've installed this system a while back as replacement for my old (3.4) firewall, but didn't get around to finishing it
<4> the pkg system has lots of improvements in 3.9
<3> now the old one crashed (hardware failure) and continued on this one, in the meantime 3.9 came out I noticed
<4> read plus39.html if you want to know all that changed
<3> k