Hi guys, I am looking for help understanding a couple of things.
My network:
OpenBSD box serving as a router/gateway to the internet, with the IPs below
+-----+
| em0 |---> ISP
+-----+
+-----+
| em1 |---> 192.168.1.1 (Wired LAN)
+-----+
+-----+
| em2 |---> 192.168.2.1 (Wireless AP)
+-----+
Code:
root ~ # cat /etc/hostname.em1
inet 192.168.1.1 255.255.255.0 NONE
#!route add -net 192.168.1.0/24 192.168.1.1
#!route add -net 192.168.2.0/24 192.168.2.1
root ~ # cat /etc/hostname.ural0
inet 192.168.2.1 255.255.255.0 NONE autoselect mode 11g mediaopt hostap nwid an0nym0us chan 11 wpa wpaprotos wpa2 wpaakms psk wpapsk lol
root ~ # cat /etc/sysctl.conf |grep net.inet.ip.forwarding
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
root ~ # pfctl -sr
anchor "miniupnpd" all
match out log on egress inet from ! (egress) to any nat-to (egress:0) round-robin
block drop in log quick on ! em1 inet from 192.168.1.0/24 to any
block drop in log quick inet from 192.168.1.1 to any
block drop in log quick on ! em0 from (em0:network) to any
block drop in log quick from (em0) to any
block drop in log quick on re0 inet6 from fe80::e291:f5ff:fe20:3eb0 to any
pass out quick all flags S/SA keep state
pass in quick all flags S/SA keep state
The problem.
Random client 192.168.2.24 (connected to the wireless AP) is unable to ping random client 192.168.1.100 (connected to the switch on em1). I added the commented static routes in hostname.em1 and still have the same problem.
One thing I noticed when I did a tcpdump on the OpenBSD box is that I got this. Don't know if it is the reason.
Code:
root ~ # tcpdump -n -vvv -i re0 host 192.168.1.100
tcpdump: listening on re0, link-type EN10MB
21:17:15.985288 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:10) (ttl 63, id 46271, len 84, bad cksum 0! differs by 421d)
21:17:16.994790 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:11) (ttl 63, id 65157, len 84, bad cksum 0! differs by f856)
21:17:16.995493 arp who-has 192.168.2.24 tell 192.168.1.100
21:17:17.987041 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:12) (ttl 63, id 37534, len 84, bad cksum 0! differs by 643e)
21:17:17.995391 arp who-has 192.168.2.24 tell 192.168.1.100
21:17:18.995221 arp who-has 192.168.2.24 tell 192.168.1.100
and on the 192.168.1.100 host I get
Code:
root ~ # tcpdump -vvvttt host 192.168.2.24
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:00:00.000000 IP (tos 0x0, ttl 63, id 27416, offset 0, flags [none], proto ICMP (1), length 84)
192.168.2.24 > 192.168.1.100: ICMP echo request, id 3621, seq 78, length 64
00:00:00.003411 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.24 tell 192.168.1.100, length 28
00:00:00.997995 IP (tos 0x0, ttl 63, id 36710, offset 0, flags [none], proto ICMP (1), length 84)
192.168.2.24 > 192.168.1.100: ICMP echo request, id 3621, seq 79, length 64
Can it be PF? Since I am still a noob with PF, I have allowed all in and out just to make sure it is not because of PF.
pass out quick
pass in quick
By the way, how would you check specific packets dropped by PF? Do a tcpdump on pflog?
Thanks in advance
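The last question in the post (seeing what PF dropped via pflog), as an added example that is not part of the original post: on OpenBSD, `tcpdump -n -e -ttt -i pflog0` prints every packet matched by a rule carrying `log` together with the action and the rule number (the `@N` index shown by `pfctl -vvsr`); the script below parses that output and counts logged flows per rule. It is fed constructed sample lines so it runs offline; the rule numbers, interface and addresses in the sample are assumed, not taken from the router.

```shell
#!/bin/sh
# Added example (not from the original post): summarise packets PF logged,
# as the "block ... log" rules shown by "pfctl -sr" above would produce.
# Live use on the OpenBSD router (-e is what prints the pflog header):
#   tcpdump -n -e -ttt -i pflog0 | summarize_pflog
# Offline, the parser is fed the constructed sample below instead.

# Constructed sample of "tcpdump -n -e -ttt -i pflog0" output. Rule numbers,
# interface and addresses are assumed for illustration only.
SAMPLE_PFLOG='Oct 12 21:17:15.985288 rule 2/(match) block in on ural0: 192.168.1.100 > 192.168.2.24: icmp: echo reply
Oct 12 21:17:16.994790 rule 2/(match) block in on ural0: 192.168.1.100 > 192.168.2.24: icmp: echo reply
Oct 12 21:17:17.987041 rule 6/(match) pass in on ural0: 192.168.2.24 > 192.168.1.100: icmp: echo request
Oct 12 21:17:18.001234 rule 3/(match) block in on em1: 192.168.1.1.53 > 192.168.1.100.49152: udp 53'

# summarize_pflog: read pflog tcpdump lines on stdin; print one line per
# (action, rule, direction, interface, src, dst) with a count, largest first.
summarize_pflog() {
    awk '
    match($0, /rule [0-9]+\/\(match\) (block|pass) (in|out) on [^:]+:/) {
        hdr  = substr($0, RSTART, RLENGTH)        # "rule 2/(match) block in on ural0:"
        rest = substr($0, RSTART + RLENGTH + 1)   # "192.168.1.100 > 192.168.2.24: icmp: ..."
        split(hdr, h, " ")                        # h[2]="2/(match)" h[3]=action h[4]=dir h[6]="ural0:"
        sub(/\/.*/, "", h[2]); sub(/:$/, "", h[6])
        split(rest, r, " ")                       # r[1]=src r[3]="dst:" (ports stay attached with -n)
        sub(/:$/, "", r[3])
        key = h[3] " rule=" h[2] " " h[4] " on " h[6] " " r[1] " -> " r[3]
        count[key]++
    }
    END { for (k in count) printf "%6d %s\n", count[k], k }
    ' | sort -rn
}

# blocked_count SRC DST: how many logged packets from SRC to DST were blocked.
blocked_count() {
    printf '%s\n' "$SAMPLE_PFLOG" | summarize_pflog |
        awk -v s="$1" -v d="$2" '$2 == "block" && $(NF-2) == s && $NF == d { n += $1 } END { print n + 0 }'
}

# Stand-alone run: print the summary of the constructed sample.
printf '%s\n' "$SAMPLE_PFLOG" | summarize_pflog
```

The first column of the summary is the packet count; compare the `rule=N` value with `pfctl -vvsr` to see exactly which line of the ruleset dropped the traffic.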