Routing and routes can be confusing. Please excuse the routing explanation below, but I am hoping it will provide some clarity. PF block rules can behave like routing errors between networks, so this explanation does not include any discussion of PF.
Code:
[System A] - network 1 - [Router B] - network 2 - [Router D] - {the internet} - [System E]
                                          |
                                     [System C]
System A on network 1 only has one route to other networks, through Router B. To communicate with other systems on other networks, it only needs a default, gateway route. In OpenBSD route(8) terms, this would be
# route add default <address of Router B on network 1>
where the keyword "default" is equivalent to 0.0.0.0/0. Any IP packet destined for an address not on network 1 will be sent to Router B for routing to all other networks, such as System C on network 2, or to System E somewhere on the internet.
On OpenBSD, the default route is assigned statically with a mygate(5) file, or dynamically via a DHCP server.
Router B is aware of two networks: network 1 and network 2, because it has NICs provisioned on both networks. But it needs a default route: through Router D. In route(8) terms, this would be
# route add default <address of Router D on network 2>
With this knowledge, any traffic it receives to be forwarded to System A on network 1 will be sent directly to it through its NIC on network 1. Likewise, any traffic it receives to be forwarded to System C on network 2 would be sent directly to it through its NIC on network 2. But any traffic it receives for networks other than 1 or 2 would be forwarded to Router D for further distribution.
System C on network 2 has direct access to the two routers B and D. It will need a default route through Router D.
If System C needs to communicate with System A on network 1, it will need a route to network 1 added. In route(8) terms, that additional route would be
# route add <network 1> <address of Router B on network 2>
This additional route can be added via a DHCP server, or can be added statically. If System C is an OpenBSD system, a !route command is added to a hostname.if(5) file to add a static route.
Router D is aware of network 2 and its internet connection. Its default route will be through the ISP, either dynamically with DHCP or statically. But it has no knowledge of network 1 unless a route to it is provisioned. In route(8) terms, this would be
# route add <network 1> <address of Router B on network 2>
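The topology above as a small longest-prefix-match simulation. This is an added example, not part of the original post; the addresses, the `tables`/`trace` helpers and the node labels are constructed for illustration. It shows that without the two extra routes to network 1, System A can reach System C but the replies are forwarded toward the ISP.

```python
import ipaddress

# Constructed addressing (assumption): the post gives no real addresses.
NET1 = ipaddress.ip_network("192.168.1.0/24")   # network 1
NET2 = ipaddress.ip_network("192.168.2.0/24")   # network 2
DEFAULT = ipaddress.ip_network("0.0.0.0/0")     # what "default" means
OWNERS = {"192.168.1.10": "A", "192.168.2.10": "C"}  # host address -> system

def next_hop(table, dst):
    """Pick the most specific matching route; 'direct' means a connected network."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def tables(with_net1_routes):
    """Routing tables per system; optionally add the routes to network 1 on C and D."""
    t = {
        "A": [(NET1, "direct"), (DEFAULT, "B")],
        "B": [(NET1, "direct"), (NET2, "direct"), (DEFAULT, "D")],
        "C": [(NET2, "direct"), (DEFAULT, "D")],
        "D": [(NET2, "direct"), (DEFAULT, "ISP")],
    }
    if with_net1_routes:
        t["C"].append((NET1, "B"))   # route add <network 1> <Router B on network 2>
        t["D"].append((NET1, "B"))   # the same route, provisioned on Router D
    return t

def trace(t, src, dst):
    """Follow next hops from system src until delivery or hand-off to the ISP."""
    path, node = [src], src
    for _ in range(8):               # hop limit guards against routing loops
        hop = next_hop(t[node], dst)
        if hop == "direct":
            return path + [OWNERS[dst]]
        path.append(hop)
        if hop in (None, "ISP"):
            return path
        node = hop
    return path

if __name__ == "__main__":
    for flag in (False, True):
        t = tables(flag)
        print("routes to network 1 added:", flag)
        print("  A -> C:", trace(t, "A", "192.168.2.10"))
        print("  C -> A:", trace(t, "C", "192.168.1.10"))
        print("  D -> A:", trace(t, "D", "192.168.1.10"))
```
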