Openbsd Routing/NAT Internet Issues

peterwkc
Hello to all, I tried to set up OpenBSD as a home router, but it eventually
failed to function properly.

External Interface (vr0)
192.168.1.2 255.255.255.0 none

Internal Interface (rl0)
172.16.10.1 255.255.255.0 none

Wireless Interface (ath0)
192.168.5.1 255.255.255.0 none

External interface connects to a modem with ip address of 192.168.1.254.

*Routing Table* (route show | more)
Destination Gateway Flags Interface
default 175.13.8.127.254 UGS tun0
175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0
loopback loopback UGRS lo0
loopback loopback UH lo0
172.16.10/24 link#2 UC rl0
172.16.10.3 inet6 UHLC rl0
192.168.1/24 link#1 UC vr0
192.168.5/24 link#3 UC ath0

My wireless interface light keeps blinking rather than staying in stable mode.

*Packet Filter Rules* (pfctl -sr)
nat on vr0 from !(vr0) to any -> (vr0) round-robin
scrub on vr0 all no-df fragment reassemble
scrub on vr0 all reassemble tcp

block drop in log on vr0 all
pass out quick on ath0/rl0 keep state.

Problem:
I can ping Google DNS (8.8.8.8) from the OpenBSD machine, or browse the internet.
I cannot ping Google DNS (8.8.8.8) from a LAN PC.
I can ping my external modem (192.168.1.254), which returns an echo reply.

I have no idea why pinging the modem gets a reply but pinging an external
network gets no reply.

Please help.

--
Linux

Re: Openbsd Routing/NAT Internet Issues

Andy Lemin
Hi,

Can see you are allowing packets 'out' of your internal interfaces, but
what about packets getting into your internal interfaces?

pass quick on ath0/rl0 keep state

Also, if you have a private IP address on your modem (it will be doing
NAT), and you are trying to NAT on your OpenBSD box, you are double
NATing, which is bad.

Either put the modem into bridged mode to allow placing the ISP's public
IP address onto the external interface of the OpenBSD box (recommended),
or don't NAT on the OpenBSD box.

Cheers, A

On Wed 26 Mar 2014 03:28:59 GMT, Wong Peter wrote:

> Hello to all, I tried to set up OpenBSD as a home router, but it eventually
> failed to function properly.
>
> External Interface (vr0)
> 192.168.1.2 255.255.255.0 none
>
> Internal Interface (rl0)
> 172.16.10.1 255.255.255.0 none
>
> Wireless Interface (ath0)
> 192.168.5.1 255.255.255.0 none
>
> External interface connects to a modem with ip address of 192.168.1.254.
>
> *Routing Table* (route show | more)
> Destination Gateway Flags Interface
> default 175.13.8.127.254 UGS tun0
> 175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0
> loopback loopback UGRS lo0
> loopback loopback UH lo0
> 172.16.10/24 link#2 UC rl0
> 172.16.10.3 inet6 UHLC rl0
> 192.168.1/24 link#1 UC vr0
> 192.168.5/24 link#3 UC ath0
>
> My wireless interface light keeps blinking rather than staying in stable mode.
>
> *Packet Filter Rules* (pfctl -sr)
> nat on vr0 from !(vr0) to any -> (vr0) round-robin
> scrub on vr0 all no-df fragment reassemble
> scrub on vr0 all reassemble tcp
>
> block drop in log on vr0 all
> pass out quick on ath0/rl0 keep state.
>
> Problem:
> I can ping Google DNS (8.8.8.8) from the OpenBSD machine, or browse the internet.
> I cannot ping Google DNS (8.8.8.8) from a LAN PC.
> I can ping my external modem (192.168.1.254), which returns an echo reply.
>
> I have no idea why pinging the modem gets a reply but pinging an external
> network gets no reply.
>
> Please help.

Re: Openbsd Routing/NAT Internet Issues

Zé Loff-2
In reply to this post by peterwkc
On 26-03-2014 03:28, Wong Peter wrote:

> Problem:
> I can ping Google DNS (8.8.8.8) from the OpenBSD machine, or browse the internet.
> I cannot ping Google DNS (8.8.8.8) from a LAN PC.
> I can ping my external modem (192.168.1.254), which returns an echo reply.
>
> I have no idea why pinging the modem gets a reply but pinging an external
> network gets no reply.
>
> Please help.
>
Are you forwarding packets between interfaces?
$ sysctl net.inet.ip.forwarding

Re: Openbsd Routing/NAT Internet Issues

Cristiano Deana
In reply to this post by peterwkc
On Wed, Mar 26, 2014 at 4:28 AM, Wong Peter <[hidden email]> wrote:

Hi

> *Routing Table* (route show | more)
> Destination Gateway Flags Interface
> default 175.13.8.127.254 UGS tun0
> 175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0

Shouldn't your default gateway be your external modem, 192.168.1.254?

What is this pppoe?

Re: Openbsd Routing/NAT Internet Issues

Cristiano Deana
In reply to this post by Zé Loff-2
On Wed, Mar 26, 2014 at 12:10 PM, Zé Loff <[hidden email]> wrote:

> Are you forwarding packets between interfaces?
> $ sysctl net.inet.ip.forwarding

The modem is responding (to the internal LAN, I suppose), so it must be enabled.


--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/

Re: Openbsd Routing/NAT Internet Issues

Zé Loff-2
In reply to this post by Cristiano Deana
On 26-03-2014 11:13, Cristiano Deana wrote:

> On Wed, Mar 26, 2014 at 4:28 AM, Wong Peter <[hidden email]> wrote:
>
> Hi
>
>> *Routing Table* (route show | more)
>> Destination Gateway Flags Interface
>> default 175.13.8.127.254 UGS tun0
>> 175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0
> Shouldn't your default gateway be your external modem, 192.168.1.254?
>
> What is this pppoe?
>
No, you can have an address on the ethernet interface (vr0 in his
case) and then have PPPoE over that interface.

I have (approximately) the same configuration on my DSL modem, which
is in bridge mode but still listens on 192.168.1.254. The default
gateway is the pppoe0 link, but there's a route to 192.168.1/24 on the
ethernet interface which I use to access the modem's web UI.

Re: Openbsd Routing/NAT Internet Issues

Christophe-46
In reply to this post by Cristiano Deana
Hi,

On 26/03/2014 12:13, Cristiano Deana wrote:

> On Wed, Mar 26, 2014 at 4:28 AM, Wong Peter <[hidden email]> wrote:
>
> Hi
>
>> *Routing Table* (route show | more)
>> Destination Gateway Flags Interface
>> default 175.13.8.127.254 UGS tun0
>> 175.130.127.254 175.135.116.213 (PPPOE IP address) UH tun0
>
> Shouldn't your default gateway be your external modem, 192.168.1.254?
>
> What is this pppoe?
>

I agree with this.
In this case, I think the NAT rule should be:

nat on tun0 from !(tun0) to any -> (tun0)

(also seems to be old syntax)

Regards,
Christophe.
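
The mismatch raised in the last reply (NAT bound to vr0 while the default route leaves through tun0) can be checked mechanically. The script below is an added example, not part of the thread: the function names and the sample addresses are assumptions, and it expects text in the layout of `route -n show -inet` and of a pf rule listing.

```sh
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Interface that carries the default route (last column of the route listing).
default_if() {
    awk '$1 == "default" { print $NF; exit }'
}

# Interfaces that pf NAT rules are bound to, for both the old
# "nat on IF ..." form and the newer "... on IF ... nat-to ..." form.
nat_ifs() {
    awk '
        $1 == "nat" && $2 == "on" { print $3; next }
        /nat-to/ { for (i = 1; i < NF; i++) if ($i == "on") { print $(i + 1); break } }
    ' | sort -u
}

# check_nat ROUTES RULES
# Prints "ok IF" (status 0) when a NAT rule is bound to the default-route
# interface or to the "egress" interface group, otherwise "mismatch ..." (status 1).
check_nat() {
    egress=$(printf '%s\n' "$1" | default_if)
    if [ -z "$egress" ]; then echo "no-default-route"; return 2; fi
    nats=$(printf '%s\n' "$2" | nat_ifs | tr '\n' ' ')
    for i in $nats; do
        if [ "$i" = "$egress" ] || [ "$i" = "egress" ]; then
            echo "ok $egress"; return 0
        fi
    done
    echo "mismatch egress=$egress nat=${nats% }"
    return 1
}

# Constructed sample: the default route leaves via tun0 (PPPoE); the gateway
# address is a documentation placeholder, not a value from the thread.
SAMPLE_ROUTES='Destination        Gateway        Flags  Interface
default            203.0.113.254  UGS    tun0
172.16.10/24       link#2         UC     rl0
192.168.1/24       link#1         UC     vr0
192.168.5/24       link#3         UC     ath0'

check_nat "$SAMPLE_ROUTES" 'nat on vr0 from !(vr0) to any -> (vr0) round-robin' || true
check_nat "$SAMPLE_ROUTES" 'nat on tun0 from !(tun0) to any -> (tun0)'
```

On a live system, pass the real command output in place of the sample strings; a rule bound to the `egress` group is accepted because that group holds the interfaces carrying the default route.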