Openbsd Routing Issues


Openbsd Routing Issues

peterwkc
Hello to all, I tried to set up OpenBSD as a home router, but eventually it failed to function properly.

External Interface (vr0)
192.168.1.2 255.255.255.0 none

Internal Interface (rl0)
172.16.10.1 255.255.255.0 none

Wireless Interface (ath0)
192.168.5.1 255.255.255.0 none

Routing Table (route show | more)
Destination Gateway Flags Interface
default 175.13.8.127.254 UGS tun0
loopback loopback UGRS lo0
loopback loopback UH lo0
172.16.10/24 link#2 UC rl0
172.16.10.3 inet6 UHLC rl0
175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0
192.168.1/24 link#1 UC vr0
192.168.5/24 link#3 UC ath0

My wireless interface light keeps blinking rather than staying in stable mode.

Packet Filter Rules (pfctl -sr)
nat on vr0 from !(vr0) to any -> (vr0) round-robin
scrub on vr0 all no-df fragment reassemble
scrub on vr0 all reassemble tcp

block drop in log on vr0 all
pass out quick on ath0/rl0 keep state.


Please help me understand why my PC cannot connect to the internet. My PC can even ping the external interface IP address (192.168.1.2), but it shows no internet access.

Please help.

Re: Openbsd Routing Issues

Stuart Henderson
Have you set the net.inet.ip.forwarding sysctl?

That's a very old version of OpenBSD if the "nat on vr0" rule is valid syntax...

Re: Openbsd Routing Issues

Peter N. M. Hansteen-3
In reply to this post by peterwkc
peterwkc <[hidden email]> writes:

> Hello to all, I tried to set up OpenBSD as a home router, but eventually it
> failed to function properly.
>
> External Interface (vr0)
> 192.168.1.2 255.255.255.0 none
>
> Internal Interface (rl0)
> 172.16.10.1 255.255.255.0 none
>
> Wireless Interface (ath0)
> 192.168.5.1 255.255.255.0 none
>
> *Routing Table* (route show | more)
> Destination Gateway Flags Interface
> default 175.13.8.127.254 UGS tun0
> loopback loopback UGRS lo0
> loopback loopback UH lo0
> 172.16.10/24 link#2 UC rl0
> 172.16.10.3 inet6 UHLC rl0
> 175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0
> 192.168.1/24 link#1 UC vr0
> 192.168.5/24 link#3 UC ath0

That "172.16.10.3 inet6 UHLC rl0" looks a bit odd, but possibly not destructive.

> My wireless interface light keeps blinking rather than staying in stable mode.
>
> *Packet Filter Rules* (pfctl -sr)
> nat on vr0 from !(vr0) to any -> (vr0) round-robin
> scrub on vr0 all no-df fragment reassemble
> scrub on vr0 all reassemble tcp
>
> block drop in log on vr0 all
> pass out quick on ath0/rl0 keep state.

Which version are you on? This sounds distinctly pre-4.7, and if so
you're running a release that's been unsupported for several years
already.

(btw doesn't that say nat in both directions? and round-robin over
several addresses? low on caffeine, but do check the logic of that
one)

> Please help me understand why my PC cannot connect to the internet. My PC can even ping
> the external interface IP address (192.168.1.2), but it shows no internet access.

I'm still a bit low on caffeine in my bloodstream, but did you enable
forwarding? As in check the value of

$ sysctl net.inet.ip.forwarding

if it's 1, your problem lies elsewhere.

- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Openbsd Routing Issues

peterwkc
My OpenBSD version is 4.1. The net.inet.ip.forwarding sysctl shows 1.

Any other hints?

Please help.

Thanks.

Re: Openbsd Routing Issues

peterwkc
In reply to this post by peterwkc
I can ping Google DNS (8.8.8.8) from the OpenBSD machine.
I cannot ping Google DNS from the LAN PC.

This has been confirmed by using tcpdump.

Please help. Thanks.

Re: Openbsd Routing Issues

Daniel Hartmeier
I think you're passing some packets statelessly, because you don't block
correctly by default:

> nat on vr0 from !(vr0) to any -> (vr0) round-robin
> scrub on vr0 all no-df fragment reassemble
> scrub on vr0 all reassemble tcp
>
> block drop in log on vr0 all
> pass out quick on ath0/rl0 keep state.

First, change the block rule to apply to all interfaces and directions:

  block log all

Now you'll see (by tcpdump'ing pflog0) what is getting blocked.

Most likely, you also need

  pass in on ath0/rl0 keep state
  pass out on vr0 keep state

Kind regards,
Daniel
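
Added example, not part of any post in the thread: once the ruleset starts with "block log all", every dropped packet shows up on pflog0, and grouping those lines by direction and interface shows which pass rule is missing. This Python script assumes the line shape that `tcpdump -n -e -ttt -i pflog0` prints on OpenBSD; the sample lines are constructed (they reuse the thread's subnets with made-up hosts), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the assumed pflog0 tcpdump output shape.
SAMPLE = """\
Mar 03 10:15:01.102331 rule 0/(match) block in on rl0: 172.16.10.3 > 8.8.8.8: icmp: echo request
Mar 03 10:15:02.104310 rule 0/(match) block in on rl0: 172.16.10.3 > 8.8.8.8: icmp: echo request
Mar 03 10:15:02.551200 rule 0/(match) block in on ath0: 192.168.5.20.51234 > 8.8.8.8.53: 4660+ A? example.org. (29)
Mar 03 10:15:03.000812 rule 0/(match) block out on vr0: 192.168.1.2.60112 > 8.8.8.8.53: 1+ A? example.org. (29)
Mar 03 10:15:04.230000 rule 1/(match) pass out on rl0: 172.16.10.1 > 172.16.10.3: icmp: echo reply
"""

# rule number, reason, action, direction, interface, then IPv4 src > dst
# (each address optionally followed by ".port").
LINE = re.compile(
    r"rule (?P<rule>\S+)/\((?P<reason>[\w-]+)\) (?P<action>block|pass) "
    r"(?P<dir>in|out) on (?P<ifc>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)


def parse(text):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    return [m.groupdict() for m in map(LINE.search, text.splitlines()) if m]


def blocked_summary(text):
    """Count blocked packets per (direction, interface, rule number)."""
    return Counter((e["dir"], e["ifc"], e["rule"])
                   for e in parse(text) if e["action"] == "block")


def report(text):
    """One readable line per blocked direction/interface, with source hosts."""
    srcs = {}
    for e in parse(text):
        if e["action"] == "block":
            srcs.setdefault((e["dir"], e["ifc"], e["rule"]), []).append(e["src"])
    return [f"block {d} on {i} (rule {r}): {len(s)} packets from "
            f"{', '.join(sorted(set(s)))}"
            for (d, i, r), s in sorted(srcs.items())]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

In the constructed sample, LAN traffic is dropped inbound on rl0 and ath0 and outbound on vr0, which is the pattern the "pass in" and "pass out" rules in the post above address.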