Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: OpenBSD PF problems.

from [Vladamir] Network Security [Permanent Link]
Subject: Re: OpenBSD PF problems.
Date: Wed, 23 Mar 2005 01:25:26 -0500 
Try putting your "rdr" statements before your NAT statement.

F Walls wrote: 
Thanks Rafael, but no luck.

tcpdump -nettti pflog0 doesn't show any of the UDP ports that we are using 
getting blocked.

I tried with your suggestions:

pass in on $ext_if from any to $udpserver port 6666:7000 keep state

and alternatively:

pass in on $int_if from $udpserver to any port 6666:7000


and no luck, here is the broken ruleset as it stands, anybody else have any 
ideas?

#-------
# Macros
#-------
Content not important


scrub in all
#--------
# NAT
#--------
nat on $ext_if from $int_if:network to any ($ext_if)
rdr on $ext_if proto udp from any to ($ext_if) port 6666:7000 -> $udpserver 
port 6666:7000
rdr on $ext_if proto udp from any to ($ext_if) port 29200 -> $udpserver port 
29200

#--------
# Filters
#--------
block log all

pass quick on lo0 all

block drop in quick on $ext_if from $private_networks to any
block drop out quick on $ext_if from any to $private_networks

pass in on $ext_if proto udp from any to $udpserver port { 6666:7000, 29200 } pass in on $int_if proto udp from any to $udpserver port { 6666:7000, 29200 } 

pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp, icmp} all keep state
pass out on $ext_if proto esp all keep state


Thanks for your help,

Frankie.

----- Original Message -----
From: "Rafael Henchen" <rafael@hoplon.com>
To: firewalls@securityfocus.com
Subject: Re: OpenBSD PF problems.
Date: Tue, 22 Mar 2005 16:47:26 -0300


Look at this 2 line in your conf:

pass in on $ext_if from any to $udpserver port 6666
pass in on $int_if from any to $udpserver port 6666 Now try this:

pass in on $ext_if from any to $udpserver port 6666 pass in on $int_if from $udpserver to any port 6666 I think that is the solution.

Or you can try

pass in on $ext_if from any to $udpserver port 6666  keep state


If this don't solve your problem try to debug using "tcpdump" in the interfaces to look the UDP dgrams flowing trought them.


F Walls wrote:


Hi there everybody this is my first post, it might be off-topic, but here we go:

I am having a problem with a UDP service that I am running, in that nobody can connect, these are my PF rules:

#-------
# Macros
#-------
Content not important


scrub in all
#--------
# NAT
#--------
nat on $ext_if from $int_if:network to any ($ext_if)
rdr on $ext_if proto udp from any to ($ext_if) port 6666 -> $udpserver port 6666 #--------
# Filters
#--------
block log all

pass quick on lo0 all

block drop in quick on $ext_if from $private_networks to any
block drop out quick on $ext_if from from any to $private_networks

pass in on $ext_if from any to $udpserver port 6666 pass in on $int_if from any to $udpserver port 6666 pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto {udp, icmp} all
pass out on $ext_if proto esp all keep state

Can anybody tell me what the problem is? I really want to know about the mistake that I am making so all verbose tips would be appreciated. Also is this PF rule secure?

Frankie




--      Atenciosamente,

        Rafael Henchen
        System Administrator
        - Hoplon Infotainment SA -


--------------------------------------------------------------------------
FREE Download - The Future in Desktop Firewalls is Available Now

NEW NetOp Desktop Firewall, the world's first driver-centric firewall software - protecting your laptops and corporate PCs at ring-zero! NetOp features sophisticated process & application
control, centralized management and multiple network user profiles -
NetOp is able to increase security when mobile users plug back into your network. Step into a more secure future - Try it FREE
http://www.securityfocus.com/sponsor/CrossTec_firewalls_050315
-------------------------------------------------------------------------- 



--------------------------------------------------------------------------
FREE Download - The Future in Desktop Firewalls is Available Now

NEW NetOp Desktop Firewall, the world's first driver-centric firewall software - protecting your laptops and corporate PCs at ring-zero! NetOp features sophisticated process & application
control, centralized management and multiple network user profiles -
NetOp is able to increase security when mobile users plug back into your network. Step into a more secure future - Try it FREE
http://www.securityfocus.com/sponsor/CrossTec_firewalls_050315
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Most secure small home office firewall under $700, Kevin
Next by Date:  Re: OpenBSD PF problems., Vladamir
Previous by Thread:  Re: OpenBSD PF problems., F Walls
Next by Thread:  Re: OpenBSD PF problems., Vladamir
Indexes:  [Date] [Thread] [Top] [All Lists]