Hello,
I am a newbie in terms of network management under NetBSD. I want to have PF working on my router, but unfortunately I cannot manage to get it working. My LAN is quite simple. It looks like this:
Code:
Ethernet -> ISP WIFI Router -> My router -> ethernet card -> LAN
The ISP WIFI router provides IP 192.168.1.9 to ral0 (my router) via dhcp, then via vr0 my router provides the LAN to my small network (range 192.168.2/24). The scheme is:
Code:
Ethernet -> WIFI 192.168.1/24 -> ral0 192.168.1.9 -> vr0 192.168.2.1 -> lan 192.168.2/24
Via dhcp on vr0 I can provide a link to any computer; let's say I use wm0 in my laptop. From my laptop I can ping vr0 192.168.2.1 and ral0 192.168.1.9, but not the ISP router 192.168.1.1.
On my router I set the default route to 192.168.1.1, and on my laptop the default route is also 192.168.1.1 (changing it to 192.168.2.1 or 192.168.1.9 does not allow me to ping anything outside 192.168.1.9 either).
I set up pf and pflog properly; I mean it works, and I have no issues with the syntax of pf.conf.
pf.conf looks like this:
Code:
ext_if="ral0"
int_if="vr0"
icmp_types="{echoreq}"
localnet=$int_if:network
nat on $int_if from $localnet to any -> ($ext_if)
block all
pass from {lo0,$localnet} to any keep state
I can see that traffic is working, e.g. by pfctl -s info. Also I can log in via ssh on 192.168.1.9. But nothing else.
Is there any chance to allow routing from wm0 through vr0 and out via ral0? I read The Book of PF and tried many settings, but unfortunately none of them worked.
Please, if you have some examples of similar networks, share your pf.conf with me or advise how to configure it properly.
Packet forwarding is active (both IPv4 and IPv6 are set to 1).
Thank you for any help,
With kind regards,
Piotr