OK, I guess I should provide more insight on my configs.
re0 isp cable (dhcp auto)
ral0 wifi 192.168.2.1 255.255.255.0 Subnet controlled by dhcpd
sk0 wired 192.168.1.1 255.255.255.0 Subnet controlled by dhcpd
dhcpd.conf
Code:
# $OpenBSD: dhcpd.conf,v 1.2 2008/10/03 11:41:21 sthen Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#
# Network: 192.168.1.0/255.255.255.0
# Domain name: my.domain
# Name servers: 192.168.1.3 and 192.168.1.5
# Default router: 192.168.1.1
# Addresses: 192.168.1.32 - 192.168.1.127
#
option domain-name "domain.com";
option domain-name-servers 206.248.154.22, 206.248.154.170;
subnet 192.168.1.0 netmask 255.255.255.0
{
    option routers 192.168.1.1;
    range 192.168.1.50 192.168.1.100;
    host XPS {
        hardware ethernet 00:19:B9:3E:EF:05;
        fixed-address 192.168.1.10;
    }
    host Vault {
        hardware ethernet 00:14:FD:11:B2:94;
        fixed-address 192.168.1.11;
    }
    host Nano_wired {
        hardware ethernet 00:1e:68:c5:45:1f;
        fixed-address 192.168.1.14;
    }
}
subnet 192.168.2.0 netmask 255.255.255.0
{
    option routers 192.168.2.1;
    range 192.168.2.50 192.168.2.100;
    host Android {
        hardware ethernet 90:21:55:B4:35:BE;
        fixed-address 192.168.2.13;
    }
    host Nano_wifi {
        hardware ethernet 00:22:69:3D:8D:96;
        fixed-address 192.168.2.12;
    }
}
pf.conf
Code:
#PF config file
# macros
Ext_if = "re0"
Int_if = "{sk0 ral0}"
Wired = "sk0"
Wifi = "ral0"
# options
set block-policy return
set loginterface re0
set skip on lo
# match rules
match in all scrub (no-df)
# filter rules
block all
pass quick on $Int_if proto icmp
pass on $Int_if from 192.168.1.0/24
pass on $Int_if from 192.168.2.0/24
pass out on $Int_if to $Ext_if
pass in on $Ext_if from { 192.168.1.0/24 192.168.2.0/24 }
pass out on $Ext_if proto { tcp udp icmp } all modulate state
pass out on $Ext_if from { 192.168.1.0/24 192.168.2.0/24 } to any \
    nat-to (re0)
hostname.ral0
Code:
media DS2 mode 11g mediaopt hostap
chan 3
nwid infected2 wpakey youwish!!! wpaprotos wpa1,wpa2
inet 192.168.2.1 255.255.255.0 192.168.2.255
up
hostname.sk0
Code:
inet 192.168.1.1 255.255.255.0 192.168.1.255
up
hostname.re0
sysctl.conf
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
route show
Code:
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
69.165.210.16/29 link#1 UC 0 0 - 4 re0
localhost localhost UH 0 86 33200 4 lo0
192.168.1/24 link#2 UC 1 0 - 4 sk0
192.168.1.10 00:19:b9:3e:ef:05 UHLc 1 83 - 4 sk0
192.168.2/24 link#5 UC 1 0 - 4 ral0
192.168.2.13 link#5 UHLc 0 8 - 4 ral0
Internet6:
Destination Gateway Flags Refs Use Mtu Prio Iface
localhost localhost UH 0 0 33200 4 lo0
fe80::%re0/64 link#1 UC 0 0 - 4 re0
fe80::%sk0/64 link#2 UC 0 0 - 4 sk0
fe80::%lo0/64 fe80::1%lo0 U 0 0 - 4 lo0
fe80::%ral0/64 link#5 UC 0 0 - 4 ral0
ff01::%re0/32 link#1 UC 0 0 - 4 re0
ff01::%sk0/32 link#2 UC 0 0 - 4 sk0
ff01::%lo0/32 localhost UC 0 0 - 4 lo0
ff01::%ral0/32 link#5 UC 0 0 - 4 ral0
ff02::%re0/32 link#1 UC 0 0 - 4 re0
ff02::%sk0/32 link#2 UC 0 0 - 4 sk0
ff02::%lo0/32 localhost UC 0 0 - 4 lo0
ff02::%ral0/32 link#5 UC 0 0 - 4 ral0
That being said, follow me a little more here; I'll show you what gets me really confused.
First, ping within the same subnet:
ping from gateway adapter sk0 192.168.1.1 to 192.168.1.11
tcpdump on gateway
# tcpdump -i sk0 icmp
tcpdump: listening on sk0, link-type EN10MB
20:10:32.388756 192.168.1.1 > 192.168.1.11: icmp: echo request
20:10:32.389051 192.168.1.11 > 192.168.1.1: icmp: echo reply
ping from gateway
$ ping 192.168.1.11
PING 192.168.1.11 (192.168.1.11): 56 data bytes
64 bytes from 192.168.1.11: icmp_seq=0 ttl=64 time=3.621 ms
--- 192.168.1.11 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.621/3.621/3.621/0.000 ms
Now ping from wifi subnet to wired subnet
ping from gateway adapter ral0 192.168.2.1 to 192.168.1.11
tcpdump on gateway
# tcpdump -i sk0 icmp
tcpdump: listening on sk0, link-type EN10MB
20:15:12.994278 192.168.2.1 > 192.168.1.11: icmp: echo request
20:15:14.003019 192.168.2.1 > 192.168.1.11: icmp: echo request
20:15:15.013017 192.168.2.1 > 192.168.1.11: icmp: echo request
ping from gateway
$ ping -I 192.168.2.1 192.168.1.11
PING 192.168.1.11 (192.168.1.11): 56 data bytes
--- 192.168.1.11 ping statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss
Here it is: why don't I get a reply on 192.168.1.11 when I ping from 192.168.2.1? I have checked, and tcpdump on 192.168.1.11 does not show a reply either.
Any suggestions?