Conversation

Notices

1. Embed this notice
   Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 05:41:31 JST Elegant Essence

   • Solène :flan_hacker:

   @solene Do you have an article on your website for a beginner's guide to setting up an #OpenBSD firewall router?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 05:41:29 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence not really, it's already covered by https://www.openbsd.org/faq/pf/

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 06:13:59 JST Solène :flan_hacker:

     in reply to

     • jean-mi

     @ElegantEssence @jeanmimi basically, you just want the following:

     - block all incoming traffic
     - allow outgoing traffic

     if it's a router that does NAT, put a NAT rule

     nothing more is really necessary

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 06:14:00 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:
     • jean-mi

     @jeanmimi @solene I looked at the FAQ for router and every part of it only causes more questions for me and none of it is clear for me to follow so I don't learn anything from it.

   • Embed this notice
     jean-mi (jeanmimi@mamot.fr)'s status on Saturday, 02-Nov-2024 06:14:01 JST jean-mi

     in reply to

     • Solène :flan_hacker:

     @ElegantEssence @solene did you look the pf faq ?
     https://www.openbsd.org/faq/pf/index.html

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 06:35:17 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene Before doing anything with pf.conf, I'm having issues getting an IP address. I can SSH in but it cannot reach anything online. I tried to do "cvs up"but the full command and it said "there is no address with that name" and can not cvs mirror.

     I enabled ip forwarding, trying to figure out what to put for hardware connections for hostname.

     I was able to install 7.6, got cvs source update and rebuild system. Now I'm trying to configure it for router use and it can't read or ping any URL

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 06:35:17 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence why did you rebuild?

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 06:41:59 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene To apply all of the source patches with "make && make build".

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 06:41:59 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence just run syspatch if you are on amd64 or i386 ;)

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 06:53:49 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence check your dns

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 06:53:50 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene Since I can SSH in but unable to go out and connect to any web address, do you think it can be fixed or do I have to wipe the drive and reinstall again?

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 07:10:52 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene What's involved for that? Where do I start? What do I do for it?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 07:10:52 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence what's the output of

     dig openbsd.org

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 07:15:30 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene connection timed out; no servers could be reached

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 07:15:30 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence and

     dig openbsd.org @9.9.9.9 ?

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 07:22:27 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene Again, "connection timed out; no servers could be reached"

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 07:22:27 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence what's your pf.conf ?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 07:31:26 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence what about

     ping 9.9.9.9 ?

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 07:31:27 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene
     cat /etc/pf.conf
     # $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
     #
     # See pf.conf(5) and /etc/examples/pf.conf

     set skip on lo

     block return # block stateless traffic
     pass # establish keep-state

     # By default, do not permit remote connections to X11
     block return in on ! lo0 proto tcp to port 6000:6010

     # Port build user does not need network
     block return out log proto {tcp udp} user _pbuild

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 07:38:27 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence you have a network problem that is not related to your OpenBSD system I think

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 07:38:28 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene
     # ping 9.9.9.9
     PING 9.9.9.9 (9.9.9.9): 56 data bytes
     ping: sendmsg: Can't assign requested address
     ping: wrote 9.9.9.9 64 chars, ret=-1
     ping: sendmsg: Can't assign requested address
     ping: wrote 9.9.9.9 64 chars, ret=-1
     ping: sendmsg: Can't assign requested address
     ping: wrote 9.9.9.9 64 chars, ret=-1
     ping: sendmsg: Can't assign requested address
     ping: wrote 9.9.9.9 64 chars, ret=-1
     ping: sendmsg: Can't assign requested address
     ping: wrote 9.9.9.9 64 chars, ret=-1

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 07:43:27 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence check the default route

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 07:43:28 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene
     I currently have 3 other systems streaming information from online while messaging you, only the OpenBSD system can't connect to anything, but everything system can load websites, stream video, etc.

   • Embed this notice
     Elegant Essence (elegantessence@mastodon.social)'s status on Saturday, 02-Nov-2024 07:54:11 JST Elegant Essence

     in reply to

     • Solène :flan_hacker:

     @solene How? Where?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 02-Nov-2024 07:54:11 JST Solène :flan_hacker:

     in reply to

     @ElegantEssence see the man page of the route command

     I can't help you more, I don't know where this system is installed but either its network configuration is wrong, or the network provider (a vm hypervisor maybe?) is doing too much filtering