5th February 2018
jggimi

Quote:
Originally Posted by mbzadegan
Hi all,
I want to forward all network packets between both interfaces (em0,em1).

This is called "routing" packets, and this is what a router does.

To route packets between two network interfaces, on OpenBSD they must attach to different networks -- their address ranges cannot overlap.

In its simplest form:

[Network A] - [router] - [Network B]

But most implementations aren't that simple. There are often Internet connections needed, and a default route must be provisioned. These are often called gateway routers.

[Network A] - [gateway router] - [the Internet]

And there are intermediate routers, often used in a DMZ. Here is a simple example:

[Network A] - [router] - [Network B] - [gateway router] - Internet

And then there is Network Address Translation (NAT), which is used to translate addresses as they transit a router. The most common use is for private networks to attach to the Internet, and share one or more Internet-facing IP addresses.

Quote:
BTW, I set net.inet.ip.forwarding=1 but still need some PF commands to allow between interfaces.

You have not provided enough information for me to respond with a detailed reply. Here is general guidance:
  • PF is designed to be pass-by-default. It will pass traffic unless explicitly provisioned to block.
  • PF is required to provision NAT on OpenBSD. If your network architecture requires NAT, you will need to provision it with a PF rule.
If you want better guidance, provide a clearer picture of your intended network design.

Last edited by jggimi; 5th February 2018 at 11:23 PM. Reason: typos
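
Added example (not part of the original post and not written by its author): a minimal /etc/pf.conf for the gateway-router case, showing the two PF points from the reply, pass-by-default and NAT. The interface roles (em0 Internet-facing, em1 internal) are assumptions, since the thread does not describe the actual network design.

```conf
# /etc/pf.conf: added example, not from the thread.
# Assumption: em0 = Internet-facing, em1 = internal network.
# Prerequisite named in the thread: net.inet.ip.forwarding=1
# (set it in /etc/sysctl.conf to persist across reboots).

ext_if = "em0"    # assumed external interface
int_if = "em1"    # assumed internal interface

set skip on lo    # do not filter loopback traffic

# PF passes anything no rule blocks, so a forwarding host with an
# empty ruleset relays every packet between em0 and em1.
# Start from default-deny, log what is dropped, and open only
# what the design needs.
block return log

# NAT: rewrite the source address of internal hosts to the address
# on ext_if as their packets leave toward the Internet. The
# parentheses make PF track the interface address if it changes.
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# Forwarded traffic crosses two interfaces, so it must be allowed
# inbound on one and outbound on the other. Both rules keep state,
# so replies are matched without separate "in" rules on ext_if.
pass in  on $int_if inet from $int_if:network to any
pass out on $ext_if inet

# Plain router between two networks, no NAT: drop the match rule
# and write the pass rules for the traffic each side may send.
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; blocked packets logged by the `block return log` rule can be watched with `tcpdump -n -e -ttt -i pflog0`.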