
Re: PF and Novell (Resolved)



It was the SLP protocol on port 427 UDP.

-----Original Message-----
From: Miquel Abdon Jimenez <Miquel.Abdon@uab.es>
To: misc@openbsd.org
Date: Thu, 08 May 2003 17:10:17 +0200
Subject: PF and Novell

I've got a bridged firewall with OpenBSD 3.3. All works fine. Novell clients work fine. If I reinstall the workstation with an Imagecast image, after the postconfig, the Novell client gives an error: NICI Error!
The interface is connected. And after a reboot five minutes later, or three reboots, all works. What's happening?

Here is my pf.conf (IPs masked for privacy)

# Define variables
lan="xl0"
wan="ep0"
Reservadas="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# Enable packet and byte logging on the internal network
set loginterface xl0

# Drop fragmented and anomalous packets (reduces traffic and load)
scrub in all
 
# Block reserved (spoofed) IPs
block in quick on $wan from $Reservadas to any
block out quick on $wan from $Reservadas to any

# Block all incoming and outgoing packets by default,
# except those allowed by the rules below
block in on $wan all
block out on $wan all

# Allow free passage on the lan interface
pass in on $lan all
pass out on $lan all



# Allow DHCP from ZEUS
pass in on $wan proto udp from *.*.*.* to any port 68

# Allow ImageCast from the GUS machine and the CCD machine
pass in on $wan from *.*.*.* to any keep state
pass in on $wan from *.*.*.* to any keep state

# Allow Novell
pass in on $wan proto tcp from any port 524 to any keep state

# Allow HTTPD for the private machine
pass in on $wan proto tcp from *.*.*.* to *.*.*.* port 80 keep state
# To be deleted: allow web and ssh
# pass in on $wan proto tcp from *.*.*.* to *.*.*.* port 22 keep state
# pass in on $wan proto tcp from *.*.*.* to *.*.*.* port 22 keep state
# pass in on $wan proto tcp from  any to *.*.*.* port 80 keep state

# Let outgoing traffic out, and keep state on
# established connections
pass  out on $wan inet proto tcp  all flags S/SA keep state
pass  out on $wan inet proto udp  all keep state
pass  out on $wan inet proto icmp all keep state
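
An added example, not part of the original thread: one way the pf.conf above could admit SLP (UDP port 427) on $wan, following the resolution stated in the reply. Both rules are assumptions, since the thread does not show the rule the poster actually used; 239.255.255.253 is the SLP multicast group defined in RFC 2608.

```conf
# Added example (assumption): the thread does not show the poster's final rule.
# SLP (RFC 2608) uses UDP port 427 and the multicast group 239.255.255.253.

# A reply to a multicast SLP request comes from the responder's unicast
# address, so it does not match the state created by
# "pass out on $wan inet proto udp all keep state" and is dropped by
# "block in on $wan all".
pass in on $wan inet proto udp from any port 427 to any keep state

# Multicast SLP traffic (service requests, directory agent advertisements)
# arriving on the wan side.
pass in on $wan inet proto udp from any to 239.255.255.253 port 427 keep state
```

Place these after the `block in on $wan all` line, because pf applies the last matching rule, and narrow `from any` to the Novell servers' addresses where they are known.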