openBSD firewall question [Archive] - Glock Talk


David_G17
11-16-2005, 10:16
I installed OpenBSD 3.8 on a spare computer and intend to set up a webserver on it.

I noticed iptables isn't installed, but I'm running into problems that seem to point to a local firewall installed.

What firewall software comes with OpenBSD?

And how can I disable all filtering to test out my setup?

David_G17
11-16-2005, 10:29
eta: disregard; didn't work. :(
problem likely solved with info from:

http://www.thedeepsky.com/howto/newbie_pf_guide.php

(can't test it until tonight).

IDtheTarget
11-16-2005, 10:45
I can't help with BSD, but if you want to give linux a try, I'm your guy. :) We use RedHat here at work, so the distro I use for training is CentOS (http://www.centos.org). They download RedHat's source code, remove the trademark stuff, and re-compile. (Yes, RedHat allows this. :) )

Sorry I couldn't help, but if you decide to switch, let me know.

David_G17
11-16-2005, 12:39
disregard my former post, still having problems.

pf wasn't enabled.

here is my setup:

Modem (192.168.1.1) -> Server (192.168.1.15)

from within the same network, I can type in http://192.168.15:8080 and get to the server.

but I can't type http://{public static ip}:8080 to get to it.

My ISP blocks port 80, but I have run an online port scanner which tells me port 8080 is open.

any suggestions?

David_G17
11-16-2005, 12:44
Originally posted by IDtheTarget
I can't help with BSD, but if you want to give linux a try, I'm your guy. :) We use RedHat here at work, so the distro I use for training is CentOS (http://www.centos.org). They download RedHat's source code, remove the trademark stuff, and re-compile. (Yes, RedHat allows this. :) )

Sorry I couldn't help, but if you decide to switch, let me know.

We've got Red Hat Enterprise Edition, but we're moving to Debian where I work :( I like Fedora Core, and if I can't get this straightened out, I may have to install FC.

thonl
11-16-2005, 13:43
192.168.1.1 has to have some sort of port forwarding feature in order to allow outside access. You have to be able to tell it to forward :8080 requests to your inside machine, otherwise it is just trying to hit :8080 on the modem itself.

David_G17
11-16-2005, 14:04
Originally posted by thonl
192.168.1.1 has to have some sort of port forwarding feature in order to allow outside access. You have to be able to tell it to forward :8080 requests to your inside machine, otherwise it is just trying to hit :8080 on the modem itself.

oops, I left that out of my description. The modem is set up to forward 8080 TCP requests to 192.168.1.15

eta: actually, now that you mention it, I was playing with it earlier, and it may have two rules: one to forward 8080 traffic to 192.168.1.15 and one to forward 8080 traffic to 192.168.1.3 - I'm sure that could cause a conflict.

edited again: well, still having same problem.