Hi all,
I am Unix newbie, and recently i've set up a OpenBSD box to route between my two subnets. The problem is, I never managed to make it work.
I've enabled ip forwarding, and turned pf on, and made some rules in my pf.conf, but packets simply won't route.
Here's my ifconfig
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
priority: 0
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:50:ba:3e:7b:b9
priority: 0
media: Ethernet autoselect (none)
status: no carrier
inet 192.168.4.1 netmask 0xffffff00 broadcast 192.168.4.255
inet6 fe80::250:baff:fe3e:7bb9%rl0 prefixlen 64 scopeid 0x1
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:05:5d:fc:c8:8a
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.100.15 netmask 0xffffff00 broadcast 192.168.100.255
inet6 fe80::205:5dff:fefc:c88a%vr0 prefixlen 64 scopeid 0x2
enc0: flags=0<> mtu 1536
priority: 0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
priority: 0
groups: pflog
and my rules
Code:
# pfctl -sn
nat on rl0 inet from 192.168.100.0/24 to any -> 192.168.4.1
nat on vr0 inet from 192.168.4.0/24 to any -> 192.168.100.15
# pfctl -sr
scrub in all fragment reassemble
pass in all flags S/SA keep state
pass in inet proto icmp all icmp-type echoreq keep state
pass out inet proto icmp all icmp-type echoreq keep state
block drop in on ! lo0 proto tcp from any to any port = 6000
could someone please give me a hint, what ma I doing wrong!
Cheers