25th May 2008
tpprodigy
dual ISP connection problems

I am having an issue trying to get my network set up. I am attempting to set up an OpenBSD 4.3 router with two internal subnets and two internet connections (a T1 and a Comcast connection). I would like all traffic on the internal networks to use the Comcast connection so that the T1 connection would only be used for the webserver. Right now the two internal networks are working correctly and using the Comcast internet connection, but my website is not accessible and the public IP address for the T1 connection (the website's IP address) cannot be pinged from the outside. I am not using the multipath option, since whenever I tried to use multipath it caused the internal LANs to use the T1 connection half the time. So I am using the mygate file with the Comcast gateway in it, and the hostname file for the T1 interface adds a default route to the routing table for its gateway.

Here's some information about my system.
Webserver: 192.168.1.5/24
Network 1 clients: 192.168.1.129-192.168.1.229/24
Network 2 clients: 192.168.2.129-192.168.2.229/24

Route show command:

Code:
Destination        Gateway            Flags   Refs      Use   Mtu  Interface
default            10.1.10.1          UGS         0     3243      -   dc0
default            64-192-xxx-xxx.meg UGS         0        0      -   re0
10.1.10/24         link#3             UC          1        0      -   dc0
10.1.10.1          00:13:f7:be:f1:52  UHLc        1        0      -   dc0
10.1.10.90         localhost          UGHS        0        0  33208   lo0
64-192-xxx.xxx.meg link#2             UC          1        0      -   re0
64-192-xxx.xxx.meg 00:a0:c8:22:07:6f  UHLc        1        0      -   re0
loopback           localhost          UGRS        0        0  33208   lo0
192.168.1/24       link#4             UC         10        0      -   re1
192.168.1.4        00:19:db:61:c1:4d  UHLc        0       27      -   re1
192.168.1.5        00:03:47:f5:f8:3f  UHLc        0        3      -   re1

pf.conf file:
Code:
#=================#
# Defining Macros
#=================#

# external interfaces
ext0="re0" # T1 (MegaGate)
ext1="dc0" # Comcast

# internal interfaces
lan1="re1" # our main LAN
lan2="msk0" # secondary lan for untrusted computers

# groups of interfaces (lists in pf.conf are written with braces;
# parentheses mean "the current address of one interface")
lan = "{" $lan1 $lan2 "}"
all_if = "{" $ext0 $ext1 $lan1 $lan2 "}"

# static ip addresses
webServer="192.168.1.5"

# port macros (a port list is also a brace list)
webPorts = "{ 80, 443 }"

#=========#
# Options
#=========#

# setting default block policy to drop
set block-policy drop

# disable filtering on loopback interface
set skip on lo0

set optimization conservative


#===========#
# NAT Rules
#===========#

# NAT defaults for connecting from LAN1 and LAN2 to the Internet through
# comcast. All connections made from outside the LAN to the  
# webserver will default out through the T1 line.
nat on $ext0 proto tcp from any to $webServer port 80 -> $ext0
nat on $ext1 from $lan1:network to any -> $ext1
nat on $ext1 from $lan2:network to any -> $ext1

#=============================#
# Redirects (port forwarding)
#=============================#

# forward web traffic to webserver (trac)
rdr on $ext0 proto tcp from any to ($ext0) port 80 -> $webServer

# forward https web traffic to webserver
rdr on $ext0 proto tcp from any to ($ext0) port 443 -> $webServer

So any idea where my problem is? I think the problem is in NAT somewhere, but I've yet to be able to get NAT to control traffic properly.

EDIT: When doing a traceroute to the T1 address, the next hop after the T1's gateway is the Comcast interface, so there is definitely a routing/redirection problem somewhere.

Last edited by tpprodigy; 25th May 2008 at 04:29 AM. Reason: Updated information
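The route table in the post shows two default routes, one per ISP. Without multipath, OpenBSD 4.3 uses the first one (dc0, Comcast) for every packet the kernel forwards, so a reply from the webserver to a client that arrived via the T1 leaves out the Comcast link carrying the T1's source address, which is exactly what the traceroute in the EDIT shows. NAT rules only rewrite addresses; they do not choose the exit interface. The PF feature for this is the `reply-to` option on the inbound pass rule: replies belonging to that state are handed directly to the T1 gateway on re0 instead of following the routing table. The fragment below is an added example written for this thread, not the poster's configuration; it keeps the poster's interface and macro names, assumes the second default route added in hostname.re0 has been removed (mygate alone points at Comcast), and the `t1_gw` value is a placeholder for the redacted T1 gateway address. Syntax is OpenBSD 4.3 (separate nat/rdr rules; pass rules keep state by default).

```pf
# Added example for the setup described above; not the original pf.conf.

ext0 = "re0"          # T1 (MegaGate), hosts the public web address
ext1 = "dc0"          # Comcast, the system's only default route (mygate)
lan1 = "re1"          # main LAN
lan2 = "msk0"         # untrusted LAN

webServer = "192.168.1.5"
webPorts  = "{ 80, 443 }"

# ASSUMPTION: the T1 provider's next hop; the redacted 64-192-xxx-xxx.meg
# gateway from the route table goes here.
t1_gw = "64.192.0.1"

set block-policy drop
set skip on lo0

# LAN clients leave through Comcast. Parentheses track the interface
# address if it changes.
nat on $ext1 from $lan1:network to any -> ($ext1)
nat on $ext1 from $lan2:network to any -> ($ext1)

# Inbound web traffic to the T1 address is redirected to the webserver.
# Without a port on the target the original port (80 or 443) is kept.
rdr on $ext0 proto tcp from any to ($ext0) port $webPorts -> $webServer

block in log all

# reply-to pins the return path of this state: when the webserver's
# reply arrives on re1, PF matches the state and sends the packet out re0
# to $t1_gw, bypassing the Comcast default route. Filter rules see the
# post-rdr destination, hence "to $webServer" rather than ($ext0).
pass in on $ext0 reply-to ($ext0 $t1_gw) inet proto tcp \
    from any to $webServer port $webPorts flags S/SA keep state

# Same treatment for pings to the T1 address: the echo reply is generated
# by the router itself and would otherwise leave via dc0 with the T1's
# source address, which the Comcast side may silently drop.
pass in on $ext0 reply-to ($ext0 $t1_gw) inet proto icmp \
    from any to ($ext0) icmp-type echoreq keep state

# LAN clients may initiate connections; the nat rules above translate them.
pass in on { $lan1 $lan2 } from { $lan1:network, $lan2:network } to any

# Outbound is not blocked above, so redirected connections continue onto
# re1 and NATed LAN traffic leaves on dc0 without further rules.
```

Load it with `pfctl -nf /etc/pf.conf` first to check the syntax, then `pfctl -f /etc/pf.conf`, and confirm with `route -n show` that only the 10.1.10.1 default route remains before testing from outside. If the webserver ever needs to initiate its own connections over the T1 (outbound updates, for example), that is the mirror case and uses `route-to ($ext0 $t1_gw)` on a `pass out` rule with a matching `nat on $ext0` rule; the fragment above leaves that out because the post only asks for inbound web traffic.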