DaemonForums  

#1 Peter_APIIT (Shell Scout), 12th June 2015
OpenBSD 5.7 Router Issues

Dear All,

I tried to set up OpenBSD 5.7 as a router, but unfortunately PPPoE is not working. Therefore, I'm posting the configuration for you all to review; can you spot/troubleshoot any errors?

External Interface (/etc/hostname.fxp0)
Quote:
inet 192.168.1.2 255.255.255.0
Internal Interface (/etc/hostname.vr0)
Quote:
inet 192.168.1.3 255.255.255.0

PPPoE Interface (/etc/hostname.pppoe0)
Quote:
pppoedev fxp0 authproto pap authname "" authkey "" up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1
ifconfig status:
Quote:
pppoe:
status: no carrier
inet 0.0.0.1 -> 0.0.0.0
NAT Config:
Quote:
match out on pppoe0 inet from !(egress:network) to any nat-to (pppoe:0)
As you all know, all pf filtering needs to be performed on the pppoe0 interface rather than the external interface, as mentioned in the man page.

route show Message:
Quote:
Code:
Internet:

Destination        Gateway            Flags    Interface
default            0.0.0.1            GS       pppoe0
0.0.0.1            0.0.0.1            HI       lo0
loopback           localhost          UGRS     lo0
localhost          localhost          UHI      lo0
192.168.1/24       link#2             UC       fxp0
192.168.1.2        link#2             UHLI     lo0
peterwkc.domain    link#2             HLI      lo0
192.168.1.255      link#2             UHLb     lo0
Questions:
1. Why is the pppoe dialing not successful?
2. Do you find anything wrong with the routing table?
3. Should I add the /etc/mygate file, or add it during pppoe negotiation?
4. Ping from the OpenBSD box to the Google DNS server returned a -1 error.

Please help. Thanks.

Last edited by Peter_APIIT; 12th June 2015 at 07:29 AM.

#2 ocicat (Administrator), 12th June 2015

The addresses assigned to your internal interface (192.168.1.3/24) & your external interface (192.168.1.2/24) are on the same subnet.

Last edited by ocicat; 12th June 2015 at 12:31 PM. Reason: Corrected malformed network specification...

#3 jggimi (More noise than signal), 12th June 2015

To be clear, they are both on the 192.168.1/24 subnet. Ocicat's reply contained a typo.
  • In TCP/IP networking, "routing" forwards packets between different subnets.
  • Except for specialized NICs such as carp(4), having two NICs on the same subnet is not supported -- if you have two NICs on the same subnet, it usually means there is an error in configuration, or an error in network design.
You will also need a sysctl set to forward packets, per FAQ 6.2.7.

Last edited by jggimi; 12th June 2015 at 01:29 PM. Reason: typo, clarity

#4 ocicat (Administrator), 12th June 2015

A useful paper on understanding IPv4 addressing is the following:

http://www.di.unipi.it/~ricci/501302.pdf

Note that superscripting of exponents has gotten lost in the formatting...

#5 Peter_APIIT (Shell Scout), 13th June 2015

Thanks for pointing out that there is a same-subnet error in the configuration.

Actually, I don't understand what a same-subnet error is.

Example:
Quote:
192.168.1/24
192.168.2/24
Are these two IP addresses on the same subnet?

As documented in the pppoe man page, the external device need not be configured with a static IP address. Are there any issues with this kind of configuration?

I had configured sysctl to enable packet forwarding.

Any errors in the NAT or firewall? Thanks.

#6 ocicat (Administrator), 13th June 2015

Quote:
Originally Posted by Peter_APIIT View Post
Are these two IP addresses on the same subnet?
Here are the basics:
  • Given 192.168.1/24 & 192.168.2/24, the /24 indicates that 24 bits will be used to represent the network portion of the address. Three octets are being used. The fourth octet is not part of the network representation, & in this case is being ignored.
  • These network portions are the same for two octets, but differ in the third. The three octets are not the same for each address given. Therefore, two subnets are being shown.
For bonus points, this is how any host on a network determines whether a packet to be transmitted can simply be broadcasted to the local network, or sent to the default router to be forwarded to yet another subnet.

#7 Peter_APIIT (Shell Scout), 13th June 2015

Thanks for the detailed explanation.

Questions:
Is there anything wrong with the NAT?
Why can't I ping the ISP DNS server with the /etc/mygate file? What's wrong?

Below is the routing table:
with /etc/mygate
Code:
Destination        Gateway            IFace
default            192.168.1.1        vr0
115.133.212.97     115.133.212.97     lo0
115.133.215.254    115.133.212.97     pppoe0
without /etc/mygate
Code:
Destination        Gateway            IFace
default            115.133.215.254    pppoe0
115.133.212.97     115.133.212.97     lo0
115.133.215.254    115.133.212.97     pppoe0
Actually, I don't know how to read a Linux routing table.
What's wrong with it?


/etc/mygate
192.168.1.1

I set up the default gateway so that my internal network is able to use the internet connection, but after setting up mygate the whole routing table went haywire. Please help. Thanks.

Last edited by Peter_APIIT; 16th June 2015 at 12:15 PM. Reason: Added questions

#8 jggimi (More noise than signal), 17th June 2015

Do not use mygate(5). You added a default route in your hostname.pppoe0 file. That used the reserved address 0.0.0.1, which the pppoe(4) man page defined as a "wildcard" for the remote address. During PPPoE negotiation, this address was revised with the ISP provided remote address, and as PPP is Point-to-Point, that is the correct default route.

What is missing from the route table is your local network. Perhaps that is still undefined, or incorrectly addressed.

---

To try to help you, I've written up an example below. Please excuse the small amount of education which follows, in the event you already understand.

---

In TCP/IP, local networks can have variable sizes. The size of a local network is defined by a netmask. A netmask is a string of bits that starts with ones, and ends with zeros. The bits that are zeros define the size of the local network. Because it is inconvenient for humans to read long strings of ones and zeros, we either use decimal values, such as 255.255.255.0, or, because netmasks always begin with ones and end with zeros, we can use CIDR notation, where we just count the number of leading ones, such as /24.

Both 255.255.255.0 and /24 mean exactly the same thing: a netmask value of

11111111111111111111111100000000.

I chose a /24 network for my example, because it is a very common size for local networks. This is because humans use a.b.c.d address notation for IPv4, and a /24 network means the last octet, .d, is used for addresses on the local network. Note that there are eight zeros in that octet, defining values between 0 and 256. In this local network, there are a maximum of 256 local addresses, 254 of which can be used for devices. (All zeros, x.x.x.0, is reserved for routing, and all ones, x.x.x.255, is reserved for broadcast messages.)

With an IP address and netmask, any NIC driver can determine if an outgoing IP packet is destined for the local network, or destined elsewhere. If the packet needs to leave the local network, it must be routed.

Routing tables are usually very simple. They answer one question for the device. "What is the address of a router on my local network where I can send this packet so it can forward it somewhere else?"

That's it.

---

Let's look at a very simple, typical home network. It has a private network, 192.168.1.0/24. There are 256 local addresses, 254 of which can be used for devices. There is a single router, which we have defined at the address 192.168.1.1. There are two workstations, which we have defined at the addresses 192.168.1.2 and 192.168.1.3. Because this is an RFC 1918 subnet, the local addresses are not routable on the internet and this network uses NAT. The "real" Internet address is shared by the workstations and the router, and is assigned by the ISP. In our example, that "real" internet address is 203.0.113.22.

{Internet} - 203.0.113.22 [router] 192.168.1.1 [workstations 192.168.1.2 - 192.168.1.3]

Each of the workstations has one NIC. The router has two NICs: one NIC on the local network, the other NIC on the Internet.

The three devices on the local network can communicate with each other without routing. Each NIC driver knows its IP address, and its netmask, and any packets destined for the local network are sent directly.

If you are using one of the two workstations, and you wish to reach an address on the Internet, the NIC will know that your outgoing packet must be routed. The workstation must know the address of the router. It must know the answer to "When I need to send a packet to an address not on this local network, which device on this network do I send it to?"

That device would be the router, at local address 192.168.1.1 on the local network, and which also has Internet address 203.0.113.22 on its NIC connected to the Internet.

When there is only one router on a local network, the workstation only needs one key address in its routing table. The default route. This is the address of a router on the local network that routes all traffic destined to other networks, regardless of address.

Your workstation gets this default route one of two ways. Dynamically, perhaps via a DHCP server, or statically, by manual configuration. If that workstation is OpenBSD, routing assignments are made via DHCP or other dynamic tools, or via mygate(5), used when assigning a static default route for a system where IP addresses are assigned statically.

Now, let's turn to the router. In our example, the router has two networks to deal with. Its internal, 192.168.1/24 network, and its external network. The ISP provided the 203.0.113.22 IP address, a /28 netmask (255.255.255.240), and its own default route, 203.0.113.17. The router must assign the IP address and netmask to that external facing NIC, and the default route to its routing table. The router's tables will have two key routes. An explicit route for addresses on the local subnet 192.168.1/24, via its internal facing NIC, and a default route to the Internet, on its externally facing NIC, for all addresses other than those in 192.168.1/24.

If PPPoE was used in our example router, the negotiation should automatically create the default route to 203.0.113.17.

Last edited by jggimi; 17th June 2015 at 04:48 PM. Reason: typos. hexadecimal -> decimal. Some attempts at clarity.
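
The netmask comparison and route lookup described in posts #6 and #8, applied to the interface lines from the first post, as an added example that is not part of any poster's message. The dictionary layout, the function names and the destination 198.51.100.7 are assumptions made for illustration:

```python
import ipaddress

# Constructed inputs: the two hostname.if lines from the first post, and the
# two key routes of the example router described in post #8.
HOSTNAME_IF = {
    "fxp0": "inet 192.168.1.2 255.255.255.0",
    "vr0": "inet 192.168.1.3 255.255.255.0",
}
ROUTER_ROUTES = [
    ("192.168.1.0/24", None, "internal"),        # directly connected subnet
    ("0.0.0.0/0", "203.0.113.17", "external"),   # default route
]

def parse_inet(line):
    """Turn 'inet ADDR MASK' into an IPv4Interface (address plus netmask)."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "inet":
        raise ValueError(f"not an 'inet ADDR MASK' line: {line!r}")
    return ipaddress.ip_interface(f"{fields[1]}/{fields[2]}")

def same_subnet(a, b, mask):
    """AND both addresses with the netmask and compare the network portions."""
    m = int(ipaddress.ip_address(mask))
    return int(ipaddress.ip_address(a)) & m == int(ipaddress.ip_address(b)) & m

def overlapping_interfaces(config):
    """Return (if1, if2, network) for each pair of NICs on overlapping subnets."""
    parsed = sorted((name, parse_inet(line)) for name, line in config.items())
    return [
        (n1, n2, str(i1.network))
        for idx, (n1, i1) in enumerate(parsed)
        for n2, i2 in parsed[idx + 1:]
        if i1.network.overlaps(i2.network)
    ]

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(net), gw, ifname)
        for net, gw, ifname in routes
        if addr in ipaddress.ip_network(net)
    ]
    if not matches:
        return None  # no route at all, not even a default
    net, gw, ifname = max(matches, key=lambda m: m[0].prefixlen)
    return (gw or "direct", ifname)

if __name__ == "__main__":
    print(overlapping_interfaces(HOSTNAME_IF))
    print(same_subnet("192.168.1.10", "192.168.2.10", "255.255.255.0"))
    print(lookup(ROUTER_ROUTES, "192.168.1.3"))
    print(lookup(ROUTER_ROUTES, "198.51.100.7"))
```
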

#9 Peter_APIIT (Shell Scout), 18th June 2015

First of all,

Thanks for your brief explanation.
The written information is very informative yet useful.

Netmask is used to determine the size of the network.
Zeros represent the size of the network in binary form.
x.x.x.0 is reserved for routing
x.x.x.255 is reserved for broadcast

Each entry in the routing table represents one hop.
As you mentioned, the default route routes all traffic to other networks (Internet).

There are two entries in the routing table.
1. default route to INTERNET
2. Route for 192.168.1/24 local subnet

The OpenBSD box will NAT its private address from internal IP to external IP address and forward to external NIC for further routing.

Answers:
I think I need to change the internal NIC IP address to 192.168.1.1 via /etc/hostname.vr0 and put this address on the workstation as the gateway address.