pf.conf

Discussion about the QNX6 OS.


Post by spinmar » Wed Jul 09, 2014 4:21 pm

Hi all,
I have a problem in my system with QNX 6.4.
My system has several interfaces:
en5 = this is connected to my router (192.168.0.1), which gives it the IP 192.168.0.100
uap0 = wireless interface, which has IP 192.168.1.X
The wireless interface can only work in AP mode and not in client mode.
I can connect my phone to uap0 and it gives me the IP 192.168.1.100.
I'd like to be able to route wireless traffic to interface en5 to be able to go to the internet with my phone.
I suppose that I have to work with NAT rules, but I have a problem because actually it doesn't work.
In my system the variable

net.inet.ip.forwarding=1

and my pf.conf is the following:

Code:
int_if = "en5"
icmp_types = "echoreq"
broadcast_add = "255.255.255.255/32"

# scrub
scrub in all no-df

# outgoing connections on MOST must not exceed 968 segmentsize (MTU 1008 total)
scrub out on mam0 max-mss 968

# Skip all PF filtering on lo0
set skip on lo0

### NAT/redirection rules
### table name has to be used in SW to alter table
table <natRangeTable> { 192.168.1.0/24, 10.0.0.101 }
nat on ppp0 from <natRangeTable> to any -> (ppp0)
nat on en5 from <natRangeTable> to any -> (en5)
nat on uap0 from 192.168.1.0/24 to any -> (en5)

# DNS redirect rules
rdr-anchor dnsRedirect1
rdr-anchor dnsRedirect2
rdr-anchor dnsRedirect3
rdr-anchor dnsRedirect4


### filter rules
pass out keep state

pass in quick on mam0 keep state
pass in quick on mep0 keep state
pass in quick on mhp0 keep state
pass quick on uap0 from 192.168.1.0/24 to 192.168.1.1
pass in quick on uap0 keep state
pass in quick on $int_if keep state
#block in on uap0

block in quick on uap0 from any to (mam0:network)
block in quick on uap0 from any to (mhp0:network)
block in quick on uap0 from any to (ppp0)
#block in quick on uap0 from any to (en5:network)

# pass through DHCP from WLAN to DHCP server
pass in quick on uap0 proto udp from any port bootpc to $broadcast_add port bootps keep state
pass in quick on uap0 to $broadcast_add keep state

# pass in SSDP messages (out is not blocked)
pass in quick on uap0 proto udp from any to 239.255.255.250 port 1900 keep state

# let our http server on 8100 for UPnP be reachable
pass in quick on uap0 proto tcp from any to any port 8100 keep state
pass in quick on uap0 from any to 224.0.0.0/4 keep state
pass in quick on uap0 proto udp to (uap0) port 49152:65535

# use external traffic from WLAN as trigger for dial-up
anchor dialUpTrigger

pass in quick inet proto icmp all icmp-type $icmp_types keep state


and my ifconfig is the following:

Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
    inet 127.0.0.1 netmask 0xff000000
pflog0: flags=100<PROMISC> mtu 33192
mam0: flags=843<UP,BROADCAST,RUNNING,SIMPLEX> mtu 1008
    address: 00:00:00:00:01:00
    inet 10.0.0.100 netmask 0xffffff00 broadcast 10.0.0.255
mhp0: flags=842<BROADCAST,RUNNING,SIMPLEX> mtu 1500
    address: 00:00:00:00:01:00
en5: flags=80008a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST,SHIM> mtu 1500
    address: 00:80:c8:3c:77:7e
    media: Ethernet 10baseT full-duplex
    status: active
    inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
uap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    address: 00:1c:d7:25:20:89
    media: <unknown type> autoselect
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    link 00:00:00:00:00:00


The output of pfctl -s all is:

Code:
TRANSLATION RULES:
nat on ppp0 from <natRangeTable> to any -> (ppp0) round-robin
nat on en5 from <natRangeTable> to any -> (en5) round-robin
rdr-anchor "dnsRedirect1" all
rdr-anchor "dnsRedirect2" all
rdr-anchor "dnsRedirect3" all
rdr-anchor "dnsRedirect4" all

FILTER RULES:
scrub in all no-df fragment reassemble
scrub out on mam0 all max-mss 968 fragment reassemble
pass out all keep state
pass in quick on mam0 all keep state
pass in quick on mep0 all keep state
pass in quick on mhp0 all keep state
pass in quick on en5 all keep state
block drop in on uap0 all
block drop in quick on uap0 from any to (mam0:network)
block drop in quick on uap0 from any to (mhp0:network)
block drop in quick on uap0 from any to (ppp0)
block drop in quick on uap0 from any to (en5:network)
pass in quick on uap0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootp keep state
pass in quick on uap0 inet from any to 255.255.255.255 keep state
pass in quick on uap0 inet proto udp from any to 239.255.255.250 port = 1900 keep state
pass in quick on uap0 proto tcp from any to any port = 8100 keep state
pass in quick on uap0 inet from any to 224.0.0.0/4 keep state
pass in quick on uap0 proto udp from any to (uap0) port 49152:65535
anchor "dialUpTrigger" all
pass in quick inet proto icmp all icmp-type echoreq keep state
No queue in use

STATES:
self tcp 127.0.0.1:65515 -> 127.0.0.1:4444       ESTABLISHED:ESTABLISHED
self tcp 192.168.0.100:65486 -> 173.194.35.7:80       TIME_WAIT:TIME_WAIT

INFO:
Status: Enabled for 0 days 00:19:48           Debug: Urgent

Hostid: 0xc7e39f50

State Table                          Total             Rate
  current entries                        2               
  searches                           15019           12.6/s
  inserts                              169            0.1/s
  removals                             167            0.1/s
Counters
  match                                213            0.2/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start                0 states
adaptive.end                  0 states
src.track                     0s

LIMITS:
states     hard limit  10000
src-nodes  hard limit  10000
frags      hard limit   5000

TABLES:
natRangeTable

OS FINGERPRINTS:
345 fingerprints loaded


Can someone help me and tell me how to solve the problem?

Thanks
spinmar

Re: pf.conf

Post by spinmar » Fri Jul 11, 2014 12:14 pm

Does anyone have an idea how to solve my problem?
spinmar
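
Added example, not part of the original posts: a minimal model of pf filter evaluation (last matching rule wins, a matching `quick` rule stops evaluation) run over the inbound rules from the posted `pfctl -s all` output, to show which loaded rule decides a new connection from the phone on uap0. It assumes the `dialUpTrigger` anchor is empty, since its contents are not shown, and it does not model source ports or state; `decide` and the short rule labels are names made up for this example.

```python
import ipaddress

# Inbound filter rules from the posted `pfctl -s all` output, in listed order.
# Fields: action, quick, interface, proto, destination, dest ports, label.
# None means "any". (mhp0:network) and (ppp0) have no address in the posted
# ifconfig, so those two block rules are omitted; "dialUpTrigger" is ASSUMED empty.
RULES = [
    ("pass", True, "mam0", None, None, None, "pass in quick on mam0 all"),
    ("pass", True, "mep0", None, None, None, "pass in quick on mep0 all"),
    ("pass", True, "mhp0", None, None, None, "pass in quick on mhp0 all"),
    ("pass", True, "en5", None, None, None, "pass in quick on en5 all"),
    ("block", False, "uap0", None, None, None, "block drop in on uap0 all"),
    ("block", True, "uap0", None, "10.0.0.0/24", None, "block to (mam0:network)"),
    ("block", True, "uap0", None, "192.168.0.0/24", None, "block to (en5:network)"),
    ("pass", True, "uap0", "udp", "255.255.255.255/32", (67, 67), "pass DHCP"),
    ("pass", True, "uap0", None, "255.255.255.255/32", None, "pass broadcast"),
    ("pass", True, "uap0", "udp", "239.255.255.250/32", (1900, 1900), "pass SSDP"),
    ("pass", True, "uap0", "tcp", None, (8100, 8100), "pass tcp port 8100"),
    ("pass", True, "uap0", None, "224.0.0.0/4", None, "pass multicast"),
    ("pass", True, "uap0", "udp", "192.168.1.1/32", (49152, 65535), "pass udp to (uap0)"),
    ("pass", True, None, "icmp-echoreq", None, None, "pass icmp echoreq"),
]


def decide(iface, proto, dst, dport=None):
    """Return (action, deciding rule) for a new inbound packet; no match = pass."""
    verdict = ("pass", "implicit default")
    addr = ipaddress.ip_address(dst)
    for action, quick, r_if, r_proto, r_dst, r_ports, text in RULES:
        if r_if and r_if != iface:
            continue
        if r_proto and r_proto != proto:
            continue
        if r_dst and addr not in ipaddress.ip_network(r_dst):
            continue
        if r_ports and (dport is None or not r_ports[0] <= dport <= r_ports[1]):
            continue
        verdict = (action, text)  # last match so far
        if quick:
            break  # quick: this rule is final
    return verdict


# Phone on uap0 (192.168.1.100) opening HTTP to 173.194.35.7, as in the post.
print(decide("uap0", "tcp", "173.194.35.7", 80))
```

In the posted output, `block drop in on uap0 all` is loaded, while `pass in quick on uap0 keep state` and the `nat on uap0` line from the posted pf.conf are absent, so the running ruleset is not the file shown.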