Re: remote access failing . . .
From: clvrmnky (clvrmnky-uunet_at_coldmail.com.invalid)
Date: 06/28/05
- Previous message: dave: "pftpx issue with data connections"
- In reply to: John Williams: "remote access failing . . ."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 28 Jun 2005 13:40:56 -0400
On 28/06/2005 3:33 AM, John Williams wrote:
[...]
> When the OpenBSD box is up and I run traceroute from an externl site,
> the trace halts at a router (on the Verizon network) one hop away
> from connecting to my network segment. I've verified this by
> running a traceroute from the FreeBSD box and the traceroute traces
> to my FreeBSD gateway host with no problem.
>
This is consistent with the trace packets being blocked by the firewall.
One often blocks incoming ICMP packets as a matter of course. You
should not necessarily expect ICMP packets of any kind to be accepted by
an OBSD box running pf.
First, disable the firewall for a bit and see if connectivity works as
expected. If so, then you know that your firewall is too restrictive
for your needs. Figure out what you would like to do (i.e., what
services you allow others to contact from the outside) and allow those
in. Default deny the rest and it should all work.
I keep an /etc/pf.conf.easy around with two lines in it for testing:
pass in all
pass out all
- Previous message: dave: "pftpx issue with data connections"
- In reply to: John Williams: "remote access failing . . ."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
