A packet forwarding? question


Stan-18
I have set up 3 4.6 machines under VirtualBox, in an effort to build a
"demo" of OpenBSD's firewalling capabilities, and things are not working as
I expect. Let me describe what I have.

I have created 3 machines: "outside", fw1, and fw2. fw1 and fw2 are a pretty
standard pair of redundant firewalls using carp and pfsync. All 3 interfaces
on each are set up as "internal network" cards in VirtualBox, and are
configured as follows:

          fw1           fw2
        -------       --------
pcn0    192.168.1.10  102.168.1.20
pcn1    192.168.10.10 192.168.10.20
pcn2    192.168.20.10 192.168.20.20
carp0   192.168.1.2   192.168.1.2
carp1   192.168.10.2  192.168.10.2

/etc/mygate on both machines contains: 192.168.1.3

The "outside" machine has one interface set up as an "internal network" and
one set up as a "bridged adapter". This interface is set up to use dhcp, and
obtains an address, routes, and nameservers from the appropriate dhcp
server on my network. This virtual machine can then access both my local
network and the outside world correctly. The "internal network" interface has
the IP set to 192.168.1.3. I have the following in /etc/sysctl.conf on this
machine: net.inet/forwarding=1.

The firewall machines can ping 192.168.1.3, and when I try to ping the
address obtained on the outside machine by dhcp, I see the packets arriving
at the 192.168.1.3 interface. But they cannot ping the dhcp obtained
address, and tcpdump on that interface does not show these packets.

What am I doing wrong here?


--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?