Old 5th October 2011
domdurocher domdurocher is offline
Real Name: Dominic Durocher
New User
 
Join Date: Oct 2011
Location: Montreal
Posts: 5

ok, I guess i should provide more insight on my configs.

re0 isp cable (dhcp auto)
ral0 wifi 192.168.2.1 255.255.255.0 Subnet controlled by dhcpd
sk0 wired 192.168.1.1 255.255.255.0 Subnet controlled by dhcpd

dhcpd.conf
Code:
#	$OpenBSD: dhcpd.conf,v 1.2 2008/10/03 11:41:21 sthen Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

# Network:		192.168.1.0/255.255.255.0
# Domain name:		my.domain
# Name servers:		192.168.1.3 and 192.168.1.5
# Default router:	192.168.1.1
# Addresses:		192.168.1.32 - 192.168.1.127
#
# NOTE(review): the summary above does not match the active settings below
# (domain name, name servers and address range all differ); it looks like
# leftover text from the example file.

# Global options: handed to clients of both subnets.
option  domain-name "domain.com";
option  domain-name-servers 206.248.154.22, 206.248.154.170;

# Wired LAN (192.168.1.0/24); the gateway address 192.168.1.1 is the one
# configured on sk0.
subnet 192.168.1.0 netmask 255.255.255.0
{
        option routers 192.168.1.1;

        # Dynamic pool; the fixed addresses below sit outside it.
        range 192.168.1.50 192.168.1.100;

        # Static leases keyed on MAC address. This is an addressing
        # convenience, not access control: a MAC address can be set by the
        # client, so do not base firewall trust on these IPs alone.
        host XPS        {
                hardware ethernet 00:19:B9:3E:EF:05;
                fixed-address 192.168.1.10;
                        }

        host Vault      {
                hardware ethernet 00:14:FD:11:B2:94;
                fixed-address 192.168.1.11;
                        }

        host Nano_wired {
                hardware ethernet 00:1e:68:c5:45:1f;
                fixed-address 192.168.1.14;
                        }

}


# Wireless LAN (192.168.2.0/24); the gateway address 192.168.2.1 is the one
# configured on ral0.
subnet 192.168.2.0 netmask 255.255.255.0
{
        option routers 192.168.2.1;

        # Dynamic pool; the fixed addresses below sit outside it.
        range 192.168.2.50 192.168.2.100;


        # Static leases keyed on MAC address (same caveat as the wired subnet).
        host Android    {
                hardware ethernet 90:21:55:B4:35:BE;
                fixed-address 192.168.2.13;
                        }

        host Nano_wifi  {
                hardware ethernet 00:22:69:3D:8D:96;
                fixed-address 192.168.2.12;
                        }
}
pf.conf
Code:
#PF config file

# macros
# Ext_if is the ISP-facing interface; Int_if lists both LAN interfaces.
# Wired and Wifi are defined but not referenced by any rule below.

Ext_if = "re0"
Int_if = "{sk0 ral0}"
Wired = "sk0"
Wifi = "ral0"

# options
# block-policy return: blocked TCP is answered with a RST and blocked UDP
# with an ICMP unreachable instead of being dropped silently.
# NOTE(review): this also answers unsolicited traffic arriving on re0; a
# "block drop" on the external side gives less feedback to outside probes.
set block-policy return
# Collect interface statistics for re0.
set loginterface re0
# Do not filter loopback traffic.
set skip on lo

# match rules
# Clear the don't-fragment bit on inbound packets.
match in all scrub (no-df)

# filter rules
# Default deny in both directions; the last matching rule below wins unless
# a rule is marked "quick".
block all
# ICMP in either direction on both LAN interfaces; "quick" ends evaluation.
pass quick on $Int_if proto icmp
# Any traffic, either direction, on the LAN interfaces when the source is in
# one of the two LAN subnets.
pass on $Int_if from 192.168.1.0/24
pass on $Int_if from 192.168.2.0/24
# NOTE(review): "to $Ext_if" expands to "to re0", i.e. the destination
# ADDRESS assigned to re0, not "traffic headed for the WAN". This rule
# probably does not do what was intended - confirm.
pass out on $Int_if to $Ext_if
# NOTE(review): this accepts packets arriving on the WAN interface that
# claim a LAN source address. Real LAN clients enter on sk0/ral0, never on
# re0, so the only traffic this admits is spoofed. Consider removing it and
# adding an antispoof rule for the LAN interfaces.
pass in on $Ext_if from { 192.168.1.0/24 192.168.2.0/24 } 
# Outbound tcp/udp/icmp on the WAN, stateful. "modulate state" only affects
# TCP (sequence number randomisation); udp and icmp get plain keep state.
pass out on $Ext_if proto{tcp udp icmp} all modulate state
# NAT: LAN-sourced traffic leaving re0 is rewritten to re0's address. The
# parentheses make pf track the address if the DHCP lease changes. As the
# last rule, it is the one that matches LAN-sourced packets going out re0.
pass out on $Ext_if from {192.168.1.0/24 192.168.2.0/24} to any \
 nat-to (re0)
hostname.ral0
Code:
# Wireless interface run as an access point (hostap) for 192.168.2.0/24.
media DS2 mode 11g mediaopt hostap 
chan 3 
# NOTE(review): "wpaprotos wpa1,wpa2" also accepts WPA1 clients; restrict it
# to wpa2 unless a legacy client really needs WPA1.
# The passphrase is stored in this file in clear text, so keep the file
# readable by root only. The value shown here is presumably a stand-in for
# the real key.
nwid infected2 wpakey youwish!!! wpaprotos wpa1,wpa2
# Address, netmask and broadcast address of the access point.
inet 192.168.2.1 255.255.255.0 192.168.2.255
up
hostname.sk0
Code:
# Wired LAN interface: address, netmask and broadcast address.
inet 192.168.1.1 255.255.255.0 192.168.1.255
up
hostname.re0
Code:
# ISP-facing interface: address is obtained by DHCP.
dhcp
sysctl.conf
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets

route show
Code:
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
69.165.210.16/29   link#1             UC         0        0     -     4 re0
localhost          localhost          UH         0       86 33200     4 lo0
192.168.1/24       link#2             UC         1        0     -     4 sk0
192.168.1.10       00:19:b9:3e:ef:05  UHLc       1       83     -     4 sk0
192.168.2/24       link#5             UC         1        0     -     4 ral0
192.168.2.13       link#5             UHLc       0        8     -     4 ral0

Internet6:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
localhost          localhost          UH         0        0 33200     4 lo0
fe80::%re0/64      link#1             UC         0        0     -     4 re0
fe80::%sk0/64      link#2             UC         0        0     -     4 sk0
fe80::%lo0/64      fe80::1%lo0        U          0        0     -     4 lo0
fe80::%ral0/64     link#5             UC         0        0     -     4 ral0
ff01::%re0/32      link#1             UC         0        0     -     4 re0
ff01::%sk0/32      link#2             UC         0        0     -     4 sk0
ff01::%lo0/32      localhost          UC         0        0     -     4 lo0
ff01::%ral0/32     link#5             UC         0        0     -     4 ral0
ff02::%re0/32      link#1             UC         0        0     -     4 re0
ff02::%sk0/32      link#2             UC         0        0     -     4 sk0
ff02::%lo0/32      localhost          UC         0        0     -     4 lo0
ff02::%ral0/32     link#5             UC         0        0     -     4 ral0
That being said, follow me a little further and I'll show you what really confuses me.

First ping within the same subnet:

ping from gateway adapter sk0 192.168.1.1 to 192.168.1.11

tcpdump on gateway
# tcpdump -i sk0 icmp
tcpdump: listening on sk0, link-type EN10MB
20:10:32.388756 192.168.1.1 > 192.168.1.11: icmp: echo request
20:10:32.389051 192.168.1.11 > 192.168.1.1: icmp: echo reply

ping from gateway
$ ping 192.168.1.11
PING 192.168.1.11 (192.168.1.11): 56 data bytes
64 bytes from 192.168.1.11: icmp_seq=0 ttl=64 time=3.621 ms
--- 192.168.1.11 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.621/3.621/3.621/0.000 ms

now ping from wifi subnet to wired subnet

ping from gateway adapter ral0 192.168.2.1 to 192.168.1.11

tcpdump on gateway
# tcpdump -i sk0 icmp
tcpdump: listening on sk0, link-type EN10MB
20:15:12.994278 192.168.2.1 > 192.168.1.11: icmp: echo request
20:15:14.003019 192.168.2.1 > 192.168.1.11: icmp: echo request
20:15:15.013017 192.168.2.1 > 192.168.1.11: icmp: echo request

ping from gateway

$ ping -I 192.168.2.1 192.168.1.11
PING 192.168.1.11 (192.168.1.11): 56 data bytes
--- 192.168.1.11 ping statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss

Here is the problem: why don't I get a reply from 192.168.1.11 when I ping from 192.168.2.1? I have checked, and tcpdump on 192.168.1.11 does not show a reply either.

any suggestions?