IP Forwarding is not working?


IP Forwarding is not working?

雷致强
Hi,

Thanks for making OpenBSD so great. It has been my first and only choice for
routers. Recently I’ve just got a fanless PC with 4 NICs and have OpenBSD
6.0 installed on it as a router. Everything is working great except the LANs
are blind to each other.

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 1a:cc:00:12:b1:9c
        index 1 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.244.1 netmask 0xffffff00 broadcast 192.168.244.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 1a:cc:00:12:b1:9d
        index 2 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 1a:cc:00:12:b1:9e
        index 3 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
        status: active
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 1a:cc:00:12:b1:9f
        index 4 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
        status: active
        inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255

em0 has a pppoe, which is the NIC for WAN. My PC is connecting to the router
via em3. The weird thing is my PC can access the Internet yet it times out
pinging devices on em1 and em2.

$ ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1): 56 data bytes
64 bytes from 192.168.3.1: icmp_seq=0 ttl=255 time=2.114 ms
64 bytes from 192.168.3.1: icmp_seq=1 ttl=255 time=2.045 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=255 time=2.419 ms
^C
--- 192.168.3.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss

$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss

$ ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
^C
--- 192.168.2.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss

The IP Forwarding has been enabled:

# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1

The NICs are 4 Intel 82583V. What goes wrong?

Thanks and best regards,
Siegfried


Re: IP Forwarding is not working?

Mihai Popescu-3
What is the ifconfig configuration of your PC?
Do you run any pf configuration on your router?

I really doubt ip forwarding is broken, even on a snapshot!


Re: IP Forwarding is not working?

雷致强
In reply to this post by 雷致强
Sorry, I forgot to post this:

OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4182605824 (3988MB)
avail mem = 4051369984 (3863MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebea0 (51 entries)
bios0: vendor American Megatrends Inc. version "5.6.5" date 08/15/2016
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT SSDT SSDT UEFI
acpi0: wakeup devices XHC1(S4) EHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
PWRB(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.47 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 87 pins
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus 3 (RP03)
acpiprt4 at acpi0: bus 4 (RP04)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C3(10@1500 mwait.1@0x52), C2(10@500 mwait.1@0x51),
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(10@1500 mwait.1@0x52), C2(10@500 mwait.1@0x51),
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(10@1500 mwait.1@0x52), C2(10@500 mwait.1@0x51),
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(10@1500 mwait.1@0x52), C2(10@500 mwait.1@0x51),
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PLPE
acpipwrres1 at acpi0: PLPE
acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1
"DMA0F28" at acpi0 not configured
acpibtn0 at acpi0: SLPB
"INT33BD" at acpi0 not configured
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
cpu0: Enhanced SpeedStep 2000 MHz: speeds: 1993, 1992, 1909, 1826, 1743, 1660,
1577, 1494, 1411, 1328 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x0e
inteldrm0 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x0e
drm0 at inteldrm0
inteldrm0: msi
inteldrm0: 1024x768
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x0e: msi, AHCI
1.3
ahci0: port 0: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, JWX 16GB MSATA, 2015> SCSI3 0/direct fixed
t10.ATA_JWX_16GB_MSATA_AA000000000003083363
sd0: 15104MB, 512 bytes/sector, 30932992 sectors, thin
"Intel Bay Trail TXE" rev 0x0e at pci0 dev 26 function 0 not configured
azalia0 at pci0 dev 27 function 0 "Intel Bay Trail HD Audio" rev 0x0e: msi
azalia0: no supported codecs
ppb0 at pci0 dev 28 function 0 "Intel Bay Trail I2C" rev 0x0e: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
1a:cc:00:12:b1:9c
ppb1 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x0e: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
1a:cc:00:12:b1:9d
ppb2 at pci0 dev 28 function 2 "Intel Bay Trail PCIE" rev 0x0e: msi
pci3 at ppb2 bus 3
em2 at pci3 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
1a:cc:00:12:b1:9e
ppb3 at pci0 dev 28 function 3 "Intel Bay Trail PCIE" rev 0x0e: msi
pci4 at ppb3 bus 4
em3 at pci4 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
1a:cc:00:12:b1:9f
ehci0 at pci0 dev 29 function 0 "Intel Bay Trail EHCI" rev 0x0e: apic 1 int
23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
pcib0 at pci0 dev 31 function 0 "Intel Bay Trail LPC" rev 0x0e
ichiic0 at pci0 dev 31 function 3 "Intel Bay Trail SMBus" rev 0x0e: apic 1 int
18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
isa0 at pcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhub1 at uhub0 port 1 "Intel product 0x07e6" rev 2.00/0.14 addr 2
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (df2a2d85473019b8.a) swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
pppoe0: LCP keepalive timeout


Re: IP Forwarding is not working?

雷致强
In reply to this post by Mihai Popescu-3
Hi, I don’t really think ip forwarding is broken either as I can still
access the Internet.

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
       index 6 priority 0 llprio 3
       groups: lo
       inet6 ::1 prefixlen 128
       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
       inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 1a:cc:00:12:b1:9c
       index 1 priority 0 llprio 3
       media: Ethernet autoselect (100baseTX full-duplex)
       status: active
       inet 192.168.244.1 netmask 0xffffff00 broadcast 192.168.244.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 1a:cc:00:12:b1:9d
       index 2 priority 0 llprio 3
       media: Ethernet autoselect (100baseTX full-duplex)
       status: active
       inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 1a:cc:00:12:b1:9e
       index 3 priority 0 llprio 3
       media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
       status: active
       inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       lladdr 1a:cc:00:12:b1:9f
       index 4 priority 0 llprio 3
       media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
       status: active
       inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
enc0: flags=0<>
       index 5 priority 0 llprio 3
       groups: enc
       status: active
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
       index 7 priority 0 llprio 3
       dev: em0 state: session
       sid: 0x69cc PADI retries: 15 PADR retries: 0 time: 4d 13:55:21
       sppp: phase network authproto pap authname "lan1201210025"
       groups: pppoe egress
       status: active
       inet 27.9.22.243 --> 27.9.20.1 netmask 0xffffffff
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
       index 8 priority 0 llprio 3
       groups: pflog

# cat /etc/pf.conf
#       $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

pass out on egress from !(egress:network) to any nat-to (egress)

> On 10 Dec 2016, at 3:16 AM, Mihai Popescu <[hidden email]> wrote:
>
> What is the ifconfig configuration of your PC?
> Do you run any pf configuration on your router?
>
> I really doubt ip forwarding is broken, even on a snapshot!


Re: IP Forwarding is not working?

雷致强
In reply to this post by Mihai Popescu-3
Sorry, I posted the wrong ifconfig configuration, this is the one on my Mac:

$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 78:9f:70:79:b8:5a
        inet6 fe80::1c73:268c:55f4:65ef%en1 prefixlen 64 secured scopeid 0x4
        inet 192.168.3.32 netmask 0xffffff00 broadcast 192.168.3.255
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
        ether 38:c9:86:08:81:84
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect (none)
        status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
        options=60<TSO4,TSO6>
        ether 2a:00:00:fa:2f:c0
        media: autoselect <full-duplex>
        status: inactive
en3: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
        options=60<TSO4,TSO6>
        ether 2a:00:00:fa:2f:c1
        media: autoselect <full-duplex>
        status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
        ether 0a:9f:70:79:b8:5a
        media: autoselect
        status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
        ether be:e7:72:f1:a8:96
        inet6 fe80::bce7:72ff:fef1:a896%awdl0 prefixlen 64 scopeid 0x9
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=63<RXCSUM,TXCSUM,TSO4,TSO6>
        ether 2a:00:00:fa:2f:c0
        Configuration:
                id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
                maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
                root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
                ipfilter disabled flags 0x2
        member: en2 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 6 priority 0 path cost 0
        member: en3 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 7 priority 0 path cost 0
        nd6 options=201<PERFORMNUD,DAD>
        media: <unknown type>
        status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
        inet6 fe80::98f7:b520:f58b:14dc%utun0 prefixlen 64 scopeid 0xb
        nd6 options=201<PERFORMNUD,DAD>
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        inet 10.0.0.24 --> 10.0.0.1 netmask 0xff000000

> On 10 Dec 2016, at 3:16 AM, Mihai Popescu <[hidden email]> wrote:
>
> What is the ifconfig configuration of your PC?
> Do you run any pf configuration on your router?
>
> I really doubt ip forwarding is broken, even on a snapshot!


Re: IP Forwarding is not working?

雷致强
en0 en2 and en3 are on my Mac, which is ok, the IP it is assigned is
192.168.3.32 (en1). My problem is that I cannot ping 192.168.1.1 (em1),
192.168.2.1 (em2) yet I can ping 192.168.3.1 (em3, the NIC my Mac is
connecting to) and I can access the Internet. Moreover, all the devices cannot
access the devices on other LANs.

This is what I got on the router:

# route -inet
route: unknown option -- i
usage: route [-dnqtv] [-T tableid] command [[modifiers] args]
commands: add, change, delete, exec, flush, get, monitor, show
# route show -inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            27.9.20.1          UGS     2656 45894821     -     8 pppoe0
BASE-ADDRESS.MCAST localhost          URS        0        0 32768     8 lo0
27.9.20.1          27.9.22.243        UH         1       48     -     8 pppoe0
27.9.22.243        27.9.22.243        UHl        0   112560     -     1 pppoe0
loopback           localhost          UGRS       0        0 32768     8 lo0
localhost          localhost          UHl        1      251 32768     1 lo0
192.168.1/24       192.168.1.1        UC         0  1302369     -     4 em1
192.168.1.1        1a:cc:00:12:b1:9d  UHLl       0    63715     -     1 em1
192.168.1.255      192.168.1.1        UHb        0   350100     -     1 em1
192.168.2/24       192.168.2.1        C          0        8     -     4 em2
192.168.2.1        1a:cc:00:12:b1:9e  UHLl       0     1951     -     1 em2
192.168.2.255      192.168.2.1        Hb         0        1     -     1 em2
192.168.3/24       192.168.3.1        UC         2       21     -     4 em3
192.168.3.1        1a:cc:00:12:b1:9f  UHLl       0    25515     -     1 em3
192.168.3.32       78:9f:70:79:b8:5a  UHLc       1  3399193     -     4 em3
192.168.3.33       f0:cb:a1:79:18:43  UHLc       0    67314     -     4 em3
192.168.3.255      192.168.3.1        UHb        0       75     -     1 em3
192.168.244/24     192.168.244.1      UC         0        0     -     4 em0
192.168.244.1      1a:cc:00:12:b1:9c  UHLl       0        0     -     1 em0
192.168.244.255    192.168.244.1      UHb        0        0     -     1 em0

> On 10 Dec 2016, at 6:45 AM, Fred <[hidden email]> wrote:
>
> On 12/09/16 19:35, 雷致强 wrote:
>> Sorry, I posted the wrong ifconfig configuration, this is the one on my Mac:
>>
>>
> This is really confusing - en0 en2 and en3 are not active...
>
> but em1 and em2 are your issue?
>
> what does route show -inet say?
>
> hth
>
> Fred
>
>

Thanks and best regards,
Siegfried


Re: IP Forwarding is not working?

雷致强
Hello,

It turns out this only happens when I assign IPs to em1, em2 and em3 directly.
After I bridged them with different virtual ethernets, everything works fine.
Can anybody tell me why? Thanks!

> On 10 Dec 2016, at 2:21 PM, 雷致强 <[hidden email]> wrote:
>
> en0 en2 and en3 are on my Mac, which is ok, the IP it is assigned is
> 192.168.3.32 (en1). My problem is that I cannot ping 192.168.1.1 (em1),
> 192.168.2.1 (em2) yet I can ping 192.168.3.1 (em3, the NIC my Mac is
> connecting to) and I can access the Internet. Moreover, all the devices cannot
> access the devices on other LANs.



Re: IP Forwarding is not working?

trondd-2
In reply to this post by 雷致强
On Fri, December 9, 2016 2:24 pm, 雷致强 wrote:

> Hi, I don’t really think ip forwarding is broken either as I can still
> access the Internet.
>
> # ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
>        index 6 priority 0 llprio 3
>        groups: lo
>        inet6 ::1 prefixlen 128
>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
>        inet 127.0.0.1 netmask 0xff000000
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr 1a:cc:00:12:b1:9c
>        index 1 priority 0 llprio 3
>        media: Ethernet autoselect (100baseTX full-duplex)
>        status: active
>        inet 192.168.244.1 netmask 0xffffff00 broadcast 192.168.244.255
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr 1a:cc:00:12:b1:9d
>        index 2 priority 0 llprio 3
>        media: Ethernet autoselect (100baseTX full-duplex)
>        status: active
>        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
> em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr 1a:cc:00:12:b1:9e
>        index 3 priority 0 llprio 3
>        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>        status: active
>        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
> em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>        lladdr 1a:cc:00:12:b1:9f
>        index 4 priority 0 llprio 3
>        media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>        status: active
>        inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
> enc0: flags=0<>
>        index 5 priority 0 llprio 3
>        groups: enc
>        status: active
> pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
>        index 7 priority 0 llprio 3
>        dev: em0 state: session
>        sid: 0x69cc PADI retries: 15 PADR retries: 0 time: 4d 13:55:21
>        sppp: phase network authproto pap authname "lan1201210025"
>        groups: pppoe egress
>        status: active
>        inet 27.9.22.243 --> 27.9.20.1 netmask 0xffffffff
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
>        index 8 priority 0 llprio 3
>        groups: pflog
>
> # cat /etc/pf.conf
> #       $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
> #
> # See pf.conf(5) and /etc/examples/pf.conf
>
> set skip on lo
>
> block return    # block stateless traffic
> pass            # establish keep-state
>
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
>
> pass out on egress from !(egress:network) to any nat-to (egress)
>

You're probably matching on the nat-to rule even when going from LAN to
LAN.  It reads like this:  Pass out on your internet interface from not
the internet to anywhere (the internet or even the LAN) and NAT it out the
internet interface.

You can't get to your LAN from the internet interface.  You need to
exclude the LAN networks from 'any' or add additional rules to match when
going LAN to LAN.
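
The two options named in the reply above, written out as a pf.conf fragment. This is an added example, not part of the thread: the subnets and interface names are the ones posted earlier, and the table name `<lans>` is an assumption.

```conf
# Added example (not from the thread). Subnets and interfaces are taken
# from the posted ifconfig output; the table name <lans> is an assumption.

# Before: the NAT rule from the posted pf.conf, destination "any".
# pass out on egress from !(egress:network) to any nat-to (egress)

# The three LAN subnets behind em1, em2 and em3.
table <lans> const { 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 }

set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Option 1: exclude the LAN networks from the NAT rule's destination,
# so only LAN traffic bound for non-LAN addresses is translated.
pass out on egress inet from <lans> to ! <lans> nat-to (egress)

# Option 2: additional rules that match LAN-to-LAN traffic explicitly.
# pf applies the last matching rule, so these sit after the NAT rule
# and carry no nat-to.
pass in  on { em1 em2 em3 } inet from <lans> to <lans>
pass out on { em1 em2 em3 } inet from <lans> to <lans>

# Check the file parses before loading it:   pfctl -nf /etc/pf.conf
# Load it, then see which rules take hits:   pfctl -f /etc/pf.conf
#                                            pfctl -vsr
```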