DaemonForums  

#1
23rd March 2009
Pjoter
PF and LAN

Hello,

I am a newbie in terms of network management under NetBSD. I want to have PF working on my router, but unfortunately I cannot manage to get it working. My LAN is quite simple. It looks like this:

Code:
Ethernet -> ISP WIFI Router -> My router -> ethernet card -> LAN

ISP WIFI via dhcp provides IP 192.168.1.9 to ral0 (my router), then via vr0 my router provides LAN to my small network (range 192.168.2/24). The scheme is:

Code:
Ethernet -> WIFI 192.168.1/24 -> ral0 192.168.1.9 -> vr0 192.168.2.1 -> lan 192.168.2/24

Via dhcp on vr0 I can provide a link to any computer; let's say I use wm0 in my laptop. From my laptop I can ping vr0 192.168.2.1 and ral0 192.168.1.9, but not the ISP router 192.168.1.1.

On my router I set the default route to 192.168.1.1, and on my laptop the default route is also 192.168.1.1 (changing it to either 192.168.2.1 or 192.168.1.9 does not allow me to ping anything outside 192.168.1.9).

I set up pf and pflog properly, I mean it works, I have no issues with the syntax of pf.conf.

pf.conf looks like this:

Code:
ext_if="ral0"
int_if="vr0"
icmp_types="{echoreq}"
localnet=$int_if:network
nat on $int_if from $localnet to any -> ($ext_if)
block all
pass from {lo0,$localnet} to any keep state

I can see that traffic is working, i.e. by pfctl -s info. Also I can log in via ssh on 192.168.1.9. But nothing else.

Is there any chance to allow routing from wm0 through vr0 outside the ral0? I read The Book of PF and tried many settings, but unfortunately none of them worked.

Please, if you have some examples of similar networks, share your pf.conf with me or advise how to configure it properly.

Packet forwarding (both IPv4 and IPv6) is set to 1, so it is active.

Thank you for any help,

With kind regards,

Piotr

Last edited by Pjoter; 23rd March 2009 at 09:07 PM.

#2
25th March 2009
J65nko

Code:
   INTERNET
       |
       |
-------|------------
    external
  192.168.1.9
           
     NBSD
    router
        
  192.168.2.1        
    internal
-------|------------
       |
       |
       |
    switch 
  internal Lan
  192.168.2.0/24

Your internal LAN clients should have 192.168.2.1 as their default gateway. The default gateway always is on the same net as the client using the default gateway.

Your NAT rule is not correct. You should NAT on the external interface:
Code:
nat on $ext_if from $localnet to any -> ($ext_if)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
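
The misplaced NAT rule from this thread, as an added example that is not part of either poster's messages: a small Python check (the helper names `expand` and `check_nat` are hypothetical) that expands pf.conf macros and flags a `nat on` rule bound to the interface whose own network it translates. It assumes only the single-line `nat on IF from SRC to DST -> (IF)` form used above; the sample rulesets are the one posted in #1 and the same file with the correction from #2.

```python
import re

MACRO = re.compile(r'^(\w+)\s*=\s*"?([^"]*)"?\s*$')
# Only the single-line form used in the thread: nat on IF from SRC to DST -> (IF)
NAT = re.compile(r'^nat\s+on\s+(\S+)\s+from\s+(\S+)\s+to\s+\S+\s+->\s+\(?([^\s()]+)\)?')

def expand(text, macros):
    """Substitute $name macros repeatedly, since one macro may reference another."""
    for _ in range(10):
        new = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), text)
        if new == text:
            break
        text = new
    return text

def check_nat(conf):
    """Return (line_no, message) for nat rules bound to the wrong interface."""
    macros, findings = {}, []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2).strip()
            continue
        m = NAT.match(expand(line, macros))
        if not m:
            continue
        nat_if, source, target = m.groups()
        if source == f"{nat_if}:network":
            # LAN-sourced packets leave via the other interface, so this never matches them
            findings.append((no, f"nat on {nat_if} translates {nat_if}'s own network"))
        elif nat_if != target:
            findings.append((no, f"nat on {nat_if} but translation address is ({target})"))
    return findings

# Ruleset as posted in #1, and the same file with the correction from #2
BROKEN = '''ext_if="ral0"
int_if="vr0"
icmp_types="{echoreq}"
localnet=$int_if:network
nat on $int_if from $localnet to any -> ($ext_if)
block all
pass from {lo0,$localnet} to any keep state
'''
FIXED = BROKEN.replace("nat on $int_if", "nat on $ext_if")

if __name__ == "__main__":
    for name, conf in (("posted", BROKEN), ("corrected", FIXED)):
        print(name, check_nat(conf) or "ok")
```
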

#3
29th March 2009
Pjoter

Hey,

Thank you. It works now.

Piotr