16th September 2011
n4p1

Quote:
Originally Posted by jggimi
I'd like to know just what you did, and, what results were seen, in as much detail as possible. I have to guess that you still had a non-multipathed default route. Ignoring PF entirely, and focusing on your routing environment
OK, I will focus on routing, but I can do this on Monday. I will turn off my pf, because I was trying mpath with my pf enabled, and try to describe more details.

Quote:
Originally Posted by jggimi
Did you enable IPv4 multipath routing in sysctl.conf(5)? Confirm it is enabled with $ sysctl net.inet.ip.multipath
Yes, it was enabled in sysctl.conf: net.inet.ip.multipath=1. Also, I rebooted my OpenBSD box.

Quote:
Originally Posted by jggimi
How are you creating the multipath routes? With a !route command in your applicable hostname.if(5) files? With an rc.local(8) script that issues route flush followed by the applicable route add -mpath commands?
Since I was working remotely, I used /etc/hostname.if to make changes in gateways and then rebooted.
hostname.em0
!/sbin/route add -mpath default 178.x.y.z
hostname.pppoe0
!/sbin/route add -mpath default 87.x.y.z

After that (working from my home) I could only ssh via em0; pppoe0 was unreachable, although in my pf.conf I had:
pass in on em0 proto tcp from any to any port 22
pass in on pppoe0 proto tcp from any to any port 22

That was weird.

Quote:
Originally Posted by jggimi
How many default routes are in your routing table? Two? Three? If you have more than two, you have a problem, either caused by a mygate(5) setting or by dhclient(8) configuration accepting a default route, or by not flushing and reloading your routing table correctly.
I'm sure it was only two default routes. /etc/mygate is blank; also, I had a static IP (don't need dhclient).

Quote:
Originally Posted by jggimi
Did you watch both interfaces with tcpdump(8) when pinging, or connecting with ssh? I'm guessing that packets coming in to IF2 were still being responded to via IF1.
No, I didn't check it. I will do it on Monday.

But when I have only one default route to my if1 and I'm trying ssh from outside via if2, I see the incoming connection in tcpdump on that interface but nothing happens.

Btw, when mpath was enabled I could connect to outside services from the OpenBSD box without problem (e.g. www, ping, etc.). Some packets go via em0 and some via pppoe0.
E.g. when I connect to my home ssh box, it was always from em0.

Quote:
Originally Posted by jggimi
Please let me know if you would be interested in this type of problem recreation / resolution, before I invest the time and effort:
I'm sure there is no need to do that, because I think that the problem is in my config/routing settings. I will get more details on Monday, trying to set mpath from the beginning.