ProxyCope geen internet

[huub]

Zelfde verschijnsel als bij ProxyDeClercq:
ProxyCope# fetch -o /dev/null ​http://www.nu.nl
...

ProxyCope# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Operation not permitted

Is er iets mis met de firewall regels?

ProxyCope# pfctl -s rules
No ALTQ support in kernel
ALTQ related functions disabled
pass out on sis0 all flags S/SA keep state (source-track rule, max-src-states 10)
pass on lo0 all flags S/SA keep state
block drop in all
pass in on sis0 inet proto tcp from any to 83.162.36.91 port = ssh flags S/SA keep state
pass in on sis1 inet proto tcp from 172.16.0.0/12 to 172.17.8.68 port = ssh flags S/SA keep state
pass in on sis1 inet proto tcp from 172.16.0.0/12 to 172.17.8.68 port = domain flags S/SA keep state
pass in on sis1 inet proto udp from 172.16.0.0/12 to 172.17.8.68 port = domain keep state
pass in on sis1 inet proto tcp from any to any port = http flags S/SA keep state
pass in on sis1 inet proto tcp from any to any port = https flags S/SA keep state
pass in on sis1 inet proto icmp from 172.16.0.0/12 to 172.17.8.68 keep state

Op ProxyPlantsoen (die het wel goed doet) zie ik:
ProxyPlantsoen# pfctl -s rules
No ALTQ support in kernel
ALTQ related functions disabled
block drop in on sis0 inet from any to 10.0.1.100
block drop in on sis1 inet from any to 172.17.169.66
pass in on sis1 inet proto tcp from 172.16.0.0/12 to any port = http flags S/SA keep state
pass in on sis1 inet proto tcp from 172.16.0.0/12 to any port = https flags S/SA keep state
pass out on sis1 all flags S/SA keep state
pass out on sis0 all flags S/SA keep state
block drop in on sis1 inet proto tcp from 172.16.0.0/12 to 172.17.169.66 port = http
block drop in on sis1 inet proto tcp from 172.16.0.0/12 to 172.17.169.66 port = https
pass in on sis1 inet proto udp from 172.16.0.0/12 to 172.17.169.66 port = domain keep state
pass in on sis1 inet proto udp from 172.16.0.0/12 to 172.17.169.66 port = ntp keep state
pass in on sis1 inet proto udp from 172.16.0.0/12 to 172.17.169.66 port = snmp keep state
pass in on sis1 inet proto udp from 172.16.0.0/12 to 172.17.169.66 port = 12345 keep state
pass in on sis1 inet proto tcp from 172.16.0.0/12 to 172.17.169.66 port = ssh flags S/SA keep state
pass in on sis1 inet proto tcp from 172.16.0.0/12 to 172.17.169.66 port = ntp flags S/SA keep state
pass in on sis1 inet proto tcp from 172.16.0.0/12 to 172.17.169.66 port = 3128 flags S/SA keep state
pass in on sis1 inet proto icmp from 172.16.0.0/12 to 172.17.169.66 keep state
pass in on sis0 inet proto tcp from any to 10.0.1.100 port = ssh flags S/SA keep state
pass in on sis0 inet proto udp from any to 10.0.1.100 port = snmp keep state
pass on sis0 inet from 10.0.0.0/8 to 172.16.0.0/12 flags S/SA keep state
pass on sis0 inet from 192.168.0.0/16 to 172.16.0.0/12 flags S/SA keep state
block drop on sis1 inet from 172.16.0.0/12 to 10.0.0.0/8
block drop on sis1 inet from 172.16.0.0/12 to 192.168.0.0/16
pass in on sis1 all flags S/SA keep state

?

[richardvm]

rc.conf.local:
ileiden_enable="False"
gateway_enable="False"

Python False != rc.conf.local NO

[richardvm]

ander probleem, excuses. dacht dat nodecope stond (naar veranderingen)

[richardvm]

stond nog een oude firewall file op, vervangen voor de nieuwste:
ProxyCope# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=56 time=22.097 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=21.712 ms

[huub]

Dit is toch kennelijk niet de allernieuwste. Op ProxyLHS staat nog weer een andere pf.conf:

ProxyCope# diff /etc/pf.conf /tmp/pf.conf.LHS
45a46,47

# Otherwise lvrouted breaks:
pass in on $int_if

Nu draait op ProxyCope geen lvrouted, maar het zou wel handig zijn om overal dezelfde pf.conf te gebruiken.
ProxyCope is weer OK, ik kan ook webpagina's ophalen vanaf NodeCope via de proxy. Ook dns werkt.