Discussion:
Openbsd Routing Issues
peterwkc
2014-03-22 02:59:18 UTC
Hello to all, I tried to set up OpenBSD as a home router, but eventually it
failed to function properly.

External Interface (vr0)
192.168.1.2 255.255.255.0 none

Internal Interface (rl0)
172.16.10.1 255.255.255.0 none

Wireless Interface (ath0)
192.168.5.1 255.255.255.0 none

*Routing Table* (route show | more)
Destination Gateway Flags Interface
default 175.13.8.127.254 UGS tun0
loopback loopback UGRS lo0
loopback loopback UH lo0
172.16.10/24 link#2 UC rl0
172.16.10.3 inet6 UHLC rl0
175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0
192.168.1/24 link#1 UC vr0
192.168.5/24 link#3 UC ath0

My wireless interface light keeps on blinking rather than staying in stable mode.

*Packet Filter Rules* (pfctl -sr)
nat on vr0 from !(vr0) to any -> (vr0) round-robin
scrub on vr0 all no-df fragment reassemble
scrub on vr0 all reassemble tcp

block drop in log on vr0 all
pass out quick on ath0/rl0 keep state.


Please help me understand why my PC cannot connect to the internet. My PC can even ping
the external interface IP address (192.168.1.2), but it shows no internet access.

Please help.

--
View this message in context: http://openbsd.7691.n7.nabble.com/Openbsd-Routing-Issues-tp244695.html
Sent from the openbsd - packet filter mailing list archive at Nabble.com.
Stuart Henderson
2014-03-22 10:23:45 UTC
Have you set the net.inet.ip.forwarding sysctl?

That's a very old version of OpenBSD if the "nat on vr0" rule is valid syntax...
Peter N. M. Hansteen
2014-03-22 10:55:48 UTC
Post by peterwkc
Hello to all, I tried to set up OpenBSD as a home router, but eventually it
failed to function properly.
External Interface (vr0)
192.168.1.2 255.255.255.0 none
Internal Interface (rl0)
172.16.10.1 255.255.255.0 none
Wireless Interface (ath0)
192.168.5.1 255.255.255.0 none
*Routing Table* (route show | more)
Destination Gateway Flags Interface
default 175.13.8.127.254 UGS tun0
loopback loopback UGRS lo0
loopback loopback UH lo0
172.16.10/24 link#2 UC rl0
172.16.10.3 inet6 UHLC rl0
175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0
192.168.1/24 link#1 UC vr0
192.168.5/24 link#3 UC ath0

That "172.16.10.3 inet6 UHLC rl0" looks a bit odd, but possibly not destructive.

Post by peterwkc
My wireless interface light keeps on blinking rather than staying in stable mode.
*Packet Filter Rules* (pfctl -sr)
nat on vr0 from !(vr0) to any -> (vr0) round-robin
scrub on vr0 all no-df fragment reassemble
scrub on vr0 all reassemble tcp
block drop in log on vr0 all
pass out quick on ath0/rl0 keep state.

Which version are you on? This sounds distinctly pre-4.7, and if so
you're running a release that's been unsupported for several years
already.

(btw doesn't that say nat in both directions? and round-robin over
several addresses? low on caffeine, but do check the logic of that
one)

Post by peterwkc
Please help me understand why my PC cannot connect to the internet. My PC can even ping
the external interface IP address (192.168.1.2), but it shows no internet access.

I'm still a bit low on caffeine in my bloodstream, but did you enable
forwarding? As in check the value of

$ sysctl net.inet.ip.forwarding

if it's 1, your problem lies elsewhere.

- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
peterwkc
2014-03-24 04:28:34 UTC
My OpenBSD version is 4.1. The net.inet.ip.forwarding shows 1.

Any other hints?

Please help.

Thanks.
peterwkc
2014-03-25 09:29:46 UTC
I can ping Google DNS (8.8.8.8) from the OpenBSD machine.
I cannot ping Google DNS from the LAN PC.

This has been confirmed by using tcpdump.

Please help. Thanks.
Daniel Hartmeier
2014-03-25 10:01:30 UTC
I think you're passing some packets statelessly, because you don't block
Post by peterwkc
nat on vr0 from !(vr0) to any -> (vr0) round-robin
scrub on vr0 all no-df fragment reassemble
scrub on vr0 all reassemble tcp
block drop in log on vr0 all
pass out quick on ath0/rl0 keep state.

First, change the block rule to apply to all interfaces and directions:

block log all

Now you'll see (by tcpdump'ing pflog0) what is getting blocked.

Most likely, you also need

pass in on ath0/rl0 keep state
pass out on vr0 keep state

Kind regards,
Daniel
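
The changes suggested in the reply above, assembled into one ruleset as an added example; it is not part of any poster's message. It uses the pre-4.7 pf.conf syntax of the OpenBSD 4.1 release mentioned in the thread, and the macro names `ext_if` and `int_ifs` are assumptions.

```pf
# /etc/pf.conf (added example, pre-4.7 syntax as used on OpenBSD 4.1)
#
# Assumption: ext_if is vr0, as in the posted rules. The posted routing
# table shows the default route on tun0; the nat and "pass out" rules must
# name whichever interface forwarded packets actually leave by.
ext_if  = "vr0"
int_ifs = "{ rl0, ath0 }"

# Normalization (the two scrub rules from the original post)
scrub on $ext_if all no-df fragment reassemble
scrub on $ext_if all reassemble tcp

# Translation: rewrite LAN and wireless source addresses to the address
# currently configured on the external interface
nat on $ext_if from !($ext_if) to any -> ($ext_if)

# Filtering: default deny on every interface and in both directions.
# "log" copies each blocked packet to pflog0, so nothing is dropped silently.
block log all

# Create state where forwarded traffic enters the router and where it
# leaves, so no packet is passed statelessly.
pass in  on $int_ifs keep state
pass out on $ext_if  keep state

# Check, load and observe:
#   pfctl -nf /etc/pf.conf          parse only, report syntax errors
#   pfctl -f  /etc/pf.conf          load the ruleset
#   tcpdump -n -e -ttt -i pflog0    watch what "block log all" is dropping
```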
