DaemonForums  

Go Back   DaemonForums > NetBSD > NetBSD General

NetBSD General Other questions regarding NetBSD which do not fit in any of the categories below.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 23rd March 2009
Pjoter's Avatar
Pjoter Pjoter is offline
Shell Scout
 
Join Date: Sep 2008
Posts: 92
Thanked 7 Times in 7 Posts
Default PF and LAN

Hello,

I am newbie in terms of network management under NetBSD. I want to have PF working on my router but unfortunately I cannot manage to have it working. My LAN is quite simple. It looks like that:

Code:
Ethernet -> ISP WIFI Router -> My router -> ethernet card -> LAN
ISP WIFI via dhcp provides IP 192.168.1.9 to ral0 (my router), than via vr0 my router provides lan to my small network (range 192.168.2./24). The scheme is:

Code:
Ethernet -> WIFI 192.168.1/24 -> ral0 192.168.1.9 -> vr0 192.168.2.1 -> lan 192.168.2/24
.

Via dhcp on vr0 I can provide link to any computer, let's say I use wm0 in my laptop. From my laptop I can ping the vr0 192.168.2.1, ral0 192.168.1.9 but not ISP router 192.168.1.1.

On my router I set default route 192.168.1.1 and on my laptop default route is also 192.168.1.1 (neither change to 192.168.2.1 or 192.168.1.9 allows me to ping anything outside 192.168.1.9).

I set up pf and pflog properely- I mean it work, I have no issues with synthax about pf.conf.

pf.conf looks like that:

Code:
ext_if="ral0"
int_if="vr0"
icmp_types="{echoreq}"
localnet=$int_if:network
nat on $int_if from $localnet to any -> ($ext_if)
block all
pass from {lo0,$localnet} to any keep state
I can see that traffic is working i.e. by pfctl -s info. Also I can log in via ssh on 192.168.1.9. But nothing else.

Is there any chance to allow routing from wm0 through vr0 outside the ral0? I read The Book of PF and tried many setting but unfortunately none of them work.

Please if you have some examples of similar networks, share with me your pf.conf or advise how to configure properly.

Packet forwarding (both IPv4 and IPv6 is set on 1 so active).

Thank you for any help,

With kind regards,

Piotr

Last edited by Pjoter; 23rd March 2009 at 09:07 PM.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:45 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick