DaemonForums  

Trying to understand routing with OpenBSD
Posted by badguy, 17th September 2011

Hi guys, I am looking for help understanding a couple of things.

My network
OpenBSD box serving as a router/gateway to the internet with the IPs below
+-----+
| em0 |---> ISP
+-----+
+-----+
| em1 |---> 192.168.1.1 (Wired LAN)
+-----+
+-----+
| em2 |---> 192.168.2.1 (Wireless AP)
+-----+

Code:
root ~ # cat /etc/hostname.em1
inet 192.168.1.1 255.255.255.0 NONE
#!route add -net 192.168.1.0/24 192.168.1.1
#!route add -net 192.168.2.0/24 192.168.2.1

root ~ # cat /etc/hostname.ural0
inet 192.168.2.1 255.255.255.0 NONE autoselect mode 11g mediaopt hostap nwid an0nym0us chan 11 wpa wpaprotos wpa2 wpaakms psk wpapsk lol

root ~ # cat /etc/sysctl.conf |grep net.inet.ip.forwarding
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets

root ~ # pfctl -sr
anchor "miniupnpd" all
match out log on egress inet from ! (egress) to any nat-to (egress:0) round-robin
block drop in log quick on ! em1 inet from 192.168.1.0/24 to any
block drop in log quick inet from 192.168.1.1 to any
block drop in log quick on ! em0 from (em0:network) to any
block drop in log quick from (em0) to any
block drop in log quick on re0 inet6 from fe80::e291:f5ff:fe20:3eb0 to any
pass out quick all flags S/SA keep state
pass in quick all flags S/SA keep state

The problem.
Random client 192.168.2.24 (connected to the wireless AP) is unable to ping random client 192.168.1.100 (connected to the switch on em1). I added the commented static routes in hostname.em1 and still have the same problem.

One thing I noticed when I did a tcpdump on the OpenBSD box is that I got this. Don't know if it is the reason.

Code:
root ~ # tcpdump -n -vvv -i re0 host 192.168.1.100
tcpdump: listening on re0, link-type EN10MB
21:17:15.985288 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:10) (ttl 63, id 46271, len 84, bad cksum 0! differs by 421d)
21:17:16.994790 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:11) (ttl 63, id 65157, len 84, bad cksum 0! differs by f856)
21:17:16.995493 arp who-has 192.168.2.24 tell 192.168.1.100
21:17:17.987041 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:12) (ttl 63, id 37534, len 84, bad cksum 0! differs by 643e)
21:17:17.995391 arp who-has 192.168.2.24 tell 192.168.1.100
21:17:18.995221 arp who-has 192.168.2.24 tell 192.168.1.100

And on the 192.168.1.100 host I get:

Code:
root ~ # tcpdump -vvvttt host 192.168.2.24
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:00:00.000000 IP (tos 0x0, ttl 63, id 27416, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.2.24 > 192.168.1.100: ICMP echo request, id 3621, seq 78, length 64
00:00:00.003411 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.24 tell 192.168.1.100, length 28
00:00:00.997995 IP (tos 0x0, ttl 63, id 36710, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.2.24 > 192.168.1.100: ICMP echo request, id 3621, seq 79, length 64

Can it be PF? Since I am still a noob with PF, I have allowed all in and out just to make sure it is not because of PF.

pass out quick
pass in quick

By the way, how will you check specific packets dropped by PF? Do a tcpdump on pflog?

Thanks in advance

Last edited by badguy; 17th September 2011 at 01:45 AM.
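
Added example, not part of the original post: a Python check over lines copied from the router-side capture above that flags ARP requests sent for an address outside the asking host's own subnet, which is what a host does when it treats a routed address as directly reachable instead of replying through its gateway. It assumes both LANs are /24 as in the hostname.* files; the 255.255.0.0 netmask is a constructed value for comparison, not something the post reports.

```python
import ipaddress
import re

# Lines copied from the router-side tcpdump in the post above.
CAPTURE = """\
21:17:15.985288 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:10) (ttl 63, id 46271, len 84, bad cksum 0! differs by 421d)
21:17:16.995493 arp who-has 192.168.2.24 tell 192.168.1.100
21:17:17.995391 arp who-has 192.168.2.24 tell 192.168.1.100
"""

# Assumption: each LAN is a /24, as configured in the hostname.* files.
LANS = [ipaddress.ip_network("192.168.1.0/24"),
        ipaddress.ip_network("192.168.2.0/24")]

# Matches both tcpdump output styles shown in the post.
ARP_RE = re.compile(r"who-has ([\d.]+) tell ([\d.]+)")


def lan_of(addr):
    """Return the configured LAN containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in LANS if ip in n), None)


def off_link_arp(capture):
    """Return unique (asker, target) pairs where a host ARPs for an
    address outside its own LAN instead of using its gateway."""
    found = []
    for line in capture.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue
        target, asker = m.group(1), m.group(2)
        asker_lan = lan_of(asker)
        if asker_lan and ipaddress.ip_address(target) not in asker_lan:
            if (asker, target) not in found:
                found.append((asker, target))
    return found


def is_on_link(host_ip, netmask, dest):
    """True if a host with this address/netmask would ARP for dest
    directly rather than hand the packet to its default gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    return ipaddress.ip_address(dest) in iface.network


if __name__ == "__main__":
    for asker, target in off_link_arp(CAPTURE):
        print(f"{asker} is ARPing for {target}, outside its configured /24")
    for mask in ("255.255.255.0", "255.255.0.0"):  # constructed netmasks
        print(mask, is_on_link("192.168.1.100", mask, "192.168.2.24"))
```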