DaemonForums  

Routing/NAT problem setting up home wireless router on Alix board

Posted by ritter_k, 17th November 2013

I'm trying to set up an ALIX 2d13 box as a wireless home router with OpenBSD to replace an off-the-shelf Linksys box. I've been stuck for nearly a week trying to figure out why it won't do NAT properly. I'm trying to NAT all traffic coming through a (second) wireless interface (urtwn0) into a local bridge. urtwn0 can connect to the internet fine through a BlackBerry wifi hotspot, but the internal network cannot see the internet, nor the BlackBerry IP address (though it can ping the urtwn0 address fine).

The current setup is as follows (I'll paste ifconfig and other details to pastebin if anyone wants them):

Code:
##### CONF FILES ON ALIX BOARD #####
/etc/hostname.vether0
inet 192.168.1.1 255.255.255.0 192.168.1.255
up

/etc/hostname.bridge0
add vether0
add vr1
add vr2
add ath0
up

/etc/hostname.vr1
up

/etc/hostname.vr2
up

/etc/hostname.ath0
mediaopt hostap
nwid alix
wpakey xxxxxxxxxx
up

/etc/sysctl.conf
net.inet.ip.forwarding=1

/etc/dhcpd.conf
Code:
# note - I'm never entirely sure what to put for a domain name when I don't have one and am behind an adsl or other link
option domain-name "example.net";
# note - I'm not even bothering with dns yet, so these don't really count, but are set to the values the blackberry gives urtwn0 in resolv.conf
option domain-name-servers 10.0.0.2, 10.0.0.3;
subnet 192.168.1.0 netmask 255.255.255.0 {
 option routers 192.168.1.1;
 range 192.168.1.5 192.168.1.100;
 option subnet-mask 255.255.255.0;
}

/etc/pf.conf
# note - I've tried many different variations and suggestions. I don't think it's a pf problem, but I may be wrong.
Code:
set skip on lo
ext_if = "urtwn0"
int_if = "vether0"
localnet = $int_if:network 
match out on $ext_if from $int_if nat-to ($ext_if)
block all
pass from { lo0, $localnet }

#############################
So, to summarise what happens when I turn it all on:
# From my laptop:
  • I can connect over wifi/ethernet to the alix board and get an ip via dhcp.
  • I can ping/ssh all connected devices on 192.168.1/24 - e.g. a raspberry pi connected via ethernet
  • I can ping the urtwn0 interface on the alix board at 10.0.0.100
  • I cannot ping the blackberry itself at 10.0.0.1, or any ip address on the internet.
    note here, ping doesn't give me a "no route to host" - it just hangs at e.g. PING 10.0.0.1 (10.0.0.1): 56 data bytes

# From the alix board
  • I can ping/ssh all connected devices on 192.168.1/24
  • I can also ping the blackberry itself at 10.0.0.1
  • I can access the internet completely normally

Things I've tried:
  • Getting rid of the bridge and changing all config so there's just an ethernet connection and urtwn0, with pf changed accordingly. Made no difference.
  • Numerous pf changes, including getting rid of block statements and turning off entirely. Made no difference.
  • Manually entering routes to the device. I only half guessed at this since I don't understand routing as well as I wish I did. Made no difference.

##### DIAGNOSTICS #####

on alix board:
Code:
# route -n show -inet
Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.0.0.1           UGS        0        0     -    12 urtwn0
10.0.0/24          link#7             UC         3        0     -     4 urtwn0
10.0.0.1           48:9d:24:6b:41:4a  UHLc       1      225     -     4 urtwn0
10.0.0.2           48:9d:24:6b:41:4a  UHLc       0       11     -     4 urtwn0
10.0.0.3           48:9d:24:6b:41:4a  UHLc       0       12     -     4 urtwn0
10.0.0.100         127.0.0.1          UGS        0        1 33192     8 lo0
127/8              127.0.0.1          UGRS       0        0 33192     8 lo0
127.0.0.1          127.0.0.1          UH         2        1 33192     4 lo0
192.168/16         link#8             UC         3        0     -     4 vether0
192.168.1.7        00:1b:77:41:8e:75  UHLc       1      162     -     4 vether0
192.168.1.9        48:9d:24:6b:41:4a  UHLc       1        1     -     4 vether0
192.168.1.115      b8:27:eb:20:77:53  UHLc       0      142     -     4 vether0
224/4              127.0.0.1          URS        0        0 33192     8 lo0

on laptop:
Code:
# route -n show -inet
Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.1.1        UGS        0      250     -    12 wpi0
127/8              127.0.0.1          UGRS       0        0 33192     8 lo0
127.0.0.1          127.0.0.1          UH         2        0 33192     4 lo0
192.168.1/24       link#2             UC         1        0     -     4 wpi0
192.168.1.1        fe:e1:ba:d0:47:57  UHLc       2       82     -     4 wpi0
192.168.1.7        127.0.0.1          UGS        0        0 33192     8 lo0
224/4              127.0.0.1          URS        0        0 33192     8 lo0

# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
--- 10.0.0.1 ping statistics ---
69 packets transmitted, 0 packets received, 100.0% packet loss

Hopefully this is enough that you can understand what I'm trying to do and help if possible. If any clarification is needed, let me know.
Thanks

Last edited by J65nko; 17th November 2013 at 11:52 AM. Reason: [code] and [/code] tags ;)
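
The NAT rule from the posted /etc/pf.conf next to a variant that uses the post's own $localnet macro, as an added example that is not part of the original post: in pf a bare interface name in a from clause stands for the addresses assigned to that interface, while :network stands for the subnet attached to it. The check commands in the comments are a suggested way to confirm translation, and the page does not establish whether this rule is the whole cause of the symptoms described.

```pf
# Added example, not the poster's file. Macros are the ones from the post.
set skip on lo
ext_if   = "urtwn0"
int_if   = "vether0"
localnet = $int_if:network        # the subnet attached to vether0

# As posted: "from $int_if" is the router's own address on vether0
# (192.168.1.1 in the post), so forwarded packets from DHCP clients
# such as 192.168.1.7 do not match and leave urtwn0 untranslated.
# match out on $ext_if from $int_if nat-to ($ext_if)

# Variant: match the whole internal subnet. The parentheses around
# $ext_if make pf follow urtwn0's address if the hotspot lease changes.
match out on $ext_if inet from $localnet nat-to ($ext_if)

block all
pass from { lo0, $localnet }

# Checks to run on the router (standard OpenBSD tools):
#   pfctl -nf /etc/pf.conf      parse only, report syntax errors
#   pfctl -f  /etc/pf.conf      load the ruleset
#   pfctl -sr                   list the loaded rules
#   pfctl -ss                   list states while a client pings 10.0.0.1
#   tcpdump -ni urtwn0 icmp     source address on the wire should be
#                               urtwn0's (10.0.0.100 in the post),
#                               not a 192.168.1.x client address
```

With pf disabled there is no translation at all, so client packets also leave urtwn0 with their 192.168.1.x source address in that case.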