Trying to understand routing with openbsd
Hi guys, I am looking for help understanding a couple of things.

My network

OpenBSD box serving as a router/gateway to internet with IPs below

    +-----+
    | em0 |---> ISP
    +-----+
    +-----+
    | em1 |---> 192.168.1.1 (Wired LAN)
    +-----+
    +-----+
    | em2 |---> 192.168.2.1 (Wireless AP)
    +-----+

Code:

    root ~ # cat /etc/hostname.em1
    inet 192.168.1.1 255.255.255.0 NONE
    #!route add -net 192.168.1.0/24 192.168.1.1
    #!route add -net 192.168.2.0/24 192.168.2.1
    root ~ # cat /etc/hostname.ural0
    inet 192.168.2.1 255.255.255.0 NONE autoselect mode 11g mediaopt hostap nwid an0nym0us chan 11 wpa wpaprotos wpa2 wpaakms psk wpapsk lol
    root ~ # cat /etc/sysctl.conf |grep net.inet.ip.forwarding
    net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
    root ~ # pfctl -sr
    anchor "miniupnpd" all
    match out log on egress inet from ! (egress) to any nat-to (egress:0) round-robin
    block drop in log quick on ! em1 inet from 192.168.1.0/24 to any
    block drop in log quick inet from 192.168.1.1 to any
    block drop in log quick on ! em0 from (em0:network) to any
    block drop in log quick from (em0) to any
    block drop in log quick on re0 inet6 from fe80::e291:f5ff:fe20:3eb0 to any
    pass out quick all flags S/SA keep state
    pass in quick all flags S/SA keep state

Random client 192.168.2.24 (connected to wireless AP) is unable to ping random client 192.168.1.100 (connected to switch on em1). I added the commented static routes in hostname.em1 and still have the same problem. One thing I noticed when I did a tcpdump on the OpenBSD box is that I got this. Don't know if it is the reason.

Code:

    root ~ # tcpdump -n -vvv -i re0 host 192.168.1.100
    tcpdump: listening on re0, link-type EN10MB
    21:17:15.985288 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:10) (ttl 63, id 46271, len 84, bad cksum 0! differs by 421d)
    21:17:16.994790 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:11) (ttl 63, id 65157, len 84, bad cksum 0! differs by f856)
    21:17:16.995493 arp who-has 192.168.2.24 tell 192.168.1.100
    21:17:17.987041 192.168.2.24 > 192.168.1.100: icmp: echo request (id:c624 seq:12) (ttl 63, id 37534, len 84, bad cksum 0! differs by 643e)
    21:17:17.995391 arp who-has 192.168.2.24 tell 192.168.1.100
    21:17:18.995221 arp who-has 192.168.2.24 tell 192.168.1.100

Code:

    root ~ # tcpdump -vvvttt host 192.168.2.24
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    00:00:00.000000 IP (tos 0x0, ttl 63, id 27416, offset 0, flags [none], proto ICMP (1), length 84)
        192.168.2.24 > 192.168.1.100: ICMP echo request, id 3621, seq 78, length 64
    00:00:00.003411 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.24 tell 192.168.1.100, length 28
    00:00:00.997995 IP (tos 0x0, ttl 63, id 36710, offset 0, flags [none], proto ICMP (1), length 84)
        192.168.2.24 > 192.168.1.100: ICMP echo request, id 3621, seq 79, length 64

Can it be PF? Since I am still a noob with PF, I have allowed all in and out just to make sure it is not because of PF.

    pass out quick
    pass in quick

By the way, how will you check specific packets dropped by PF? Do a tcpdump on pflog?

Thanks in advance

Last edited by badguy; 17th September 2011 at 01:45 AM.
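Added example, not part of the original post: the block rules shown by pfctl -sr above all carry the log keyword, so packets they drop are copied to the pflog0 interface and can be read with tcpdump. The script below summarises block decisions per rule for one host; the sample log lines, their rule numbers, the addresses 192.168.1.77 and 203.0.113.9, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). On the router the input would come from:
#   tcpdump -n -e -ttt -i pflog0          # live view of packets hit by "log" rules
#   tcpdump -n -e -ttt -r /var/log/pflog  # packets pflogd has already saved
# Rule numbers printed there match the @N prefixes in `pfctl -vvsr`.

# Constructed sample in the text format tcpdump -e prints for pflog.
# Rule numbers and addresses are made up for illustration; the "pass" line
# would only appear if a pass rule also had "log" set.
sample_pflog() {
    cat <<'EOF'
Sep 17 21:17:15.985288 rule 2/(match) block in on em2: 192.168.1.77 > 192.168.1.100: icmp: echo request
Sep 17 21:17:16.101010 rule 2/(match) block in on em2: 192.168.1.77.40112 > 192.168.1.100.22: S 1:1(0) win 16384
Sep 17 21:17:17.202020 rule 4/(match) block in on em1: 203.0.113.9 > 192.168.1.100: icmp: echo request
Sep 17 21:17:18.303030 rule 8/(match) pass in on em2: 192.168.2.24 > 192.168.1.100: icmp: echo request
EOF
}

# pflog_blocks IP: read pflog text on stdin and print "count rule N dir iface"
# for every block decision whose source or destination is IP.
pflog_blocks() {
    awk -v ip="$1" '
        # True if field f is the address itself or address.port
        function is_ip(f) { sub(/:$/, "", f); return f == ip || index(f, ip ".") == 1 }
        {
            # Locate the "rule N/(reason) action dir on iface: src > dst:" part
            for (i = 1; i <= NF; i++) if ($i == "rule") break
            if (i > NF || $(i+2) != "block") next
            if (!is_ip($(i+6)) && !is_ip($(i+8))) next
            rule = $(i+1); sub(/\/.*/, "", rule)   # "2/(match)" -> "2"
            ifc = $(i+5); sub(/:$/, "", ifc)       # "em2:" -> "em2"
            n[rule " " $(i+3) " " ifc]++
        }
        END { for (k in n) print n[k], "rule", k }
    ' | sort -k3,3n
}

# Which rules dropped traffic to or from the wired client?
sample_pflog | pflog_blocks 192.168.1.100
```

An empty result for a host means none of the logged block rules matched its packets in that capture.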