DaemonForums  

#1, dnslc, 28th July 2020
NetBSD router

I have NetBSD on a Raspberry Pi that I want to make into a router.

I have a USB wifi adapter plugged into it that is connected to the internet.
And I have a USB to Ethernet adapter plugged in as well, with an Ethernet cable plugged into that adapter going to another computer (for now OpenBSD, but I want to be able to send the traffic not just directly to another computer but maybe to a switch or wireless access point).

(NetBSD) ifconfig urtwn0 (the wifi adapter) output
Code:
urtwn0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ssid ComComs_5D74 nwkey *****
        powersave off
        bssid b0:be:76:58:5d:74 chan 2
        address: 74:da:38:f1:9e:16
        media: IEEE802.11 autoselect (OFDM54 mode 11g)
        status: active
        inet6 fe80::2be7:73a5:1b3e:5e2c%urtwn0/64 flags 0x0 scopeid 0x5
        inet 192.168.0.117/24 broadcast 192.168.0.255 flags 0x0
(NetBSD) ifconfig ure0 (USB to Ethernet adapter) output
Code:
ure0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        capabilities=3ff00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx>
        capabilities=3ff00<UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx>
        capabilities=3ff00<UDP6CSUM_Rx,UDP6CSUM_Tx>
        enabled=0
        ec_capabilities=1<VLAN_MTU>
        ec_enabled=0
        address: 00:e0:4c:36:36:f0
        media: Ethernet autoselect (none)
        status: no carrier
(OpenBSD) ifconfig fxp0 (Ethernet) output
Code:
fxp0: flags=808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500
	lladdr 00:00:39:0a:c2:34
	index 1 priority 0 llprio 3
	media: Ethernet autoselect (none)
	status: no carrier

I have added
Code:
net.inet.ip.forwarding=1
to /etc/sysctl.conf
and
Code:
gateway_enable="YES"
to /etc/rc.conf
But I don't think it did anything.

How do I ``point'' ure0 traffic to and from urtwn0?
I don't need a complete guide on how to do this (but I'll take one if available), I would be happy to just be pointed in the right direction with what man pages I should read, or keywords to search.

#2, jggimi, 28th July 2020

Here's a little help on IP routing.

Routes to directly connected networks are automatic, and defined by the size of the attached subnet. A simple example is shown below. In the example, traffic to a device on subnet A, such as 10.1.1.99, is routed through the NIC configured as 10.1.1.1/24, while traffic to a device on subnet B, such as 10.2.2.99, is routed through the NIC configured as 10.2.2.2/24. With /24 subnets (netmask 255.255.255.0), the first three bytes define the subnet, the last byte defines an address on the subnet.
Code:
[A: 10.1.1.1/24] - [router] - [B: 10.2.2.2/24]
Indirect routes are defined through "next step" definitions in the form of "to reach <destination subnet> send traffic to <adjacent router>."

In the simplest of Internet-connected networks, there is a single gateway router and a default route, where the destination subnet is the entire Internet -- all addresses -- defined either with "0.0.0.0/0" or "default". And the default route is usually assigned by DHCP.

#3, IdOp, 28th July 2020

It looks like your ure0 and fxp0 interfaces each don't have an IP address assigned. Have you tried to do that in any way? They will need to be on the same subnet, different from 192.168.0/24.

#4, dnslc, 28th July 2020

I gave both IPs

(OpenBSD)
Code:
openbsd$ ifconfig fxp0 inet alias 192.168.1.10/24
(NetBSD)
Code:
arm64$ ifconfig ure0 inet alias 192.168.1.11/24
They are able to ping each other.

Then I routed urtwn0(192.168.0.117) to ure0(192.168.1.11)
Code:
arm64$ sudo route add -net 192.168.1.11/24 192.168.0.117
route: writing to routing socket: File exists
add net 192.168.1.11: gateway 192.168.0.117: File exists
They cannot ping each other, not on 192.168.1 or 192.168.0

Then made 192.168.1.10(fxp0) the default gateway
Code:
openbsd$ sudo route add -inet default 192.168.1.10
add net default: gateway 192.168.1.10
This didn't work, neither has internet now.

ure0 has a new IP as well that I didn't add
Code:
ure0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        capabilities=3ff00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx>
        capabilities=3ff00<UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx>
        capabilities=3ff00<UDP6CSUM_Rx,UDP6CSUM_Tx>
        enabled=0
        ec_capabilities=1<VLAN_MTU>
        ec_enabled=0
        address: 00:e0:4c:36:36:f0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::6be:76ed:5ad:5640%ure0/64 flags 0x0 scopeid 0x1
        inet 192.168.1.11/24 broadcast 192.168.1.255 flags 0x0
        inet 169.254.160.81/16 broadcast 169.254.255.255 flags 0x0
I cannot delete the new IP either, it just keeps making a new one
Code:
arm64$ sudo ifconfig ure0 inet delete 169.254.237.167
arm64$ ifconfig ure0
ure0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        capabilities=3ff00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx>
        capabilities=3ff00<UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx>
        capabilities=3ff00<UDP6CSUM_Rx,UDP6CSUM_Tx>
        enabled=0
        ec_capabilities=1<VLAN_MTU>
        ec_enabled=0
        address: 00:e0:4c:36:36:f0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::6be:76ed:5ad:5640%ure0/64 flags 0x0 scopeid 0x1
        inet 169.254.166.23/16 broadcast 169.254.255.255 flags 0x1<TENTATIVE>
I don't know much about networking, so your patience and help is much appreciated.

Last edited by dnslc; 28th July 2020 at 07:10 PM.

#5, dnslc, 28th July 2020

Trying something new

Code:
openbsd$ sudo ifconfig fxp0 inet 10.0.0.1/24
Code:
arm64$ sudo ifconfig ure0 inet 10.0.0.2 netmask 0xffffff00
I noticed before they had different broadcast addresses.
They can ping each other now.

Code:
arm64$ sudo route add -inet 10.0.0.2 192.168.0.117
They can still ping each other and have internet access.

Code:
openbsd$ sudo route add -inet default 10.0.0.1
They can still ping each other but OpenBSD has no internet.

It looks like NetBSD is acting as a router
Code:
arm64$ netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu Interface
default            192.168.0.1        UGS         -        -      -  mue0
10.0.0/24          link#1             UC          -        -      -  ure0
[...]
I don't think `route' is the correct command though, here is what the man page says:
Code:
     route can be used to modify nearly any aspect of the routing policy,
     except packet forwarding, which can be manipulated through the sysctl(8)
     command.
Does NetBSD need to be a bridge?

Last edited by dnslc; 28th July 2020 at 08:45 PM.

#6, jggimi, 28th July 2020

Quote:
Originally Posted by dnslc View Post
I gave both IPs

(OpenBSD)
Code:
openbsd$ ifconfig fxp0 inet alias 192.168.1.10/24
...
I recommend NOT using "alias" when assigning a single address to any NIC. Aliases are used when a NIC needs to listen and respond to multiple addresses, and are not considered primary addresses.
Quote:
...Then I routed urtwn0(192.168.0.117) to ure0...
This is a provisioning error. First, your arm64 server has two NICs with two subnets and already knows how to reach both subnets, so your additional route didn't add value. Second, your destination was a single address rather than the entire subnet.
Quote:
...They cannot ping each other....I don't think `route' is the correct command though, here is what the man page says:
Code:
     route can be used to modify nearly any aspect of the routing policy,
     except packet forwarding, which can be manipulated through the sysctl(8)
     command.
Yes, you need to enable Packet Forwarding. The NetBSD FAQ says, "You can either compile a kernel with options GATEWAY, or you can sysctl -w net.inet.ip.forwarding=1 each time your machine boots, or put net.inet.ip.forwarding=1 into /etc/sysctl.conf."

It may help to diagram your planned topology, such as in my first post.

#7, IdOp, 28th July 2020

It looks like you have partial progress, but still some mistakes. I haven't been able to follow everything (partly due to lack of time), e.g., I don't understand where mue0 came from. But I'll try to follow up on one area.

The NetBSD machine can be a router, no need for a bridge. As for OpenBSD not having internet, it looks to me like this may be (part of) the problem:

Quote:
openbsd$ sudo route add -inet default 10.0.0.1
What you want to do is tell the OpenBSD machine that the NetBSD pi is its gateway to the world. So you need to put the NetBSD's address as the gateway in your OpenBSD default route assignment. That should be something like this:

Quote:
openbsd$ sudo route add -inet default 10.0.0.2
This tells it to send packets which are not addressed to any specific network it knows about to the default route, and address them to 10.0.0.2 -- the gateway -- which will take care of how to send them along to their destination. It knows how to send packets to the gateway because it's already on a specific network 10.0.0.0/24 that it knows about from the ifconfig statement where you assigned the 10.0.0.1 address to fxp0 with the netmask ff.ff.ff.00 <==> /24 .

#8, dnslc, 29th July 2020

Quote:
Originally Posted by IdOp View Post
It looks like you have partial progress, but still some mistakes. I haven't been able to follow everything (partly due to lack of time), e.g., I don't understand where mue0 came from. But I'll try to follow up on one area.

The NetBSD machine can be a router, no need for a bridge. As for OpenBSD not having internet, it looks to me like this may be (part of) the problem:



What you want to do is tell the OpenBSD machine that the NetBSD pi is its gateway to the world. So you need to put the NetBSD's address as the gateway in your OpenBSD default route assignment. That should be something like this:



This tells it to send packets which are not addressed to any specific network it knows about to the default route, and address them to 10.0.0.2 -- the gateway -- which will take care of how to send them along to their destination. It knows how to send packets to the gateway because it's already on a specific network 10.0.0.0/24 that it knows about from the ifconfig statement where you assigned the 10.0.0.1 address to fxp0 with the netmask ff.ff.ff.00 <==> /24 .

mue0 is just the ethernet port, same as urtwn0 basically, just providing internet (I forgot to mention it).

Thanks a lot, your post is helping, I am understanding a bit.

Code:
openbsd$ sudo route add -inet default 10.0.0.2
Lets OpenBSD ping any IP on NetBSD, but not onwards anywhere else.

I would assume that I would need to run
Code:
$ sudo route add -inet 10.0.0.0 192.168.0.1
on NetBSD then (packets with a Destination of 10.0.0.0 go to the Gateway 192.168.0.1)
But that command does nothing, OpenBSD still can't ping 192.168.0/24 (apart from mue0/urtwn0, 192.168.0.108/192.168.0.116)

#9, jggimi, 29th July 2020

Please let me know if this attempt to diagram your topology is correct or incorrect. (All subnets /24):
Code:
NetBSD:

     {Internet} - [mue0 192.168.0.108] 
     {Wired LAN} - [ure0 10.0.0.2]
     {WiFi LAN} - [urtwn0 192.168.0.117]

OpenBSD:
      {Wired LAN} - [fxp0 10.0.0.1]
If my view of your topology matches your configuration, then there is a clear configuration error. Two NICs (mue0 and urtwn0) on one system should NOT be provisioned on the same subnet. Not directly. There are mechanisms to share a subnet with multiple NICs, such as trunking or address redundancy mechanisms. On BSDs, these are driven through pseudo-NICs such as trunk(4) on OpenBSD or agr(4) on NetBSD, or carp(4) on both OSes.

If my view of your topology matches your configuration, then my recommendations are:
  1. Set the default gateway on the OpenBSD machine to 10.0.0.2. This is done either with the command IdOp recommended, # route add default 10.0.0.2, or via provisioning this address in the mygate(5) file: # echo 10.0.0.2 > /etc/mygate.
  2. Disable the urtwn0 NIC, so that your connections from the OpenBSD workstation to the Internet are wired only, for the time being, to ensure a simple topology.
  3. Address the issue of a wired / wifi on the same subnet after getting this to work wired-only. On OpenBSD, a wired and wireless NIC would be able to share the same IP address using trunk(4). I do not know what the equivalent is on NetBSD; the agr(4) driver does not have that functionality, it is used for IEEE 802.3ad LACP link aggregation protocol.
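
The routing points made in this thread (connected routes and the default route from post #2, the OpenBSD gateway fix from post #7, and the same-subnet warning in post #9), modelled as an added example that is not part of any post. The host tables are constructed from the addresses quoted in the thread; `lookup` and `lint` are hypothetical helper names, and the code models route selection only, not packet forwarding.

```python
import ipaddress

# Constructed from the addresses quoted in the thread (all subnets /24).
NETBSD = {"mue0": "192.168.0.108/24", "ure0": "10.0.0.2/24",
          "urtwn0": "192.168.0.117/24"}
OPENBSD = {"fxp0": "10.0.0.1/24"}


def connected_routes(nics):
    """Directly connected routes: one per NIC, derived from address/prefix."""
    return [(ipaddress.ip_interface(a).network, nic, None)
            for nic, a in nics.items()]


def lookup(nics, dest, default_gw=None):
    """Longest-prefix match; returns (nic, next_hop) or None if unroutable."""
    dest = ipaddress.ip_address(dest)
    routes = connected_routes(nics)
    if default_gw:
        # A default route is only usable if the gateway is itself reachable
        # on a directly connected subnet.
        gw = ipaddress.ip_address(default_gw)
        for net, nic, _ in connected_routes(nics):
            if gw in net:
                routes.append((ipaddress.ip_network("0.0.0.0/0"), nic, gw))
                break
    hits = [r for r in routes if dest in r[0]]
    if not hits:
        return None
    net, nic, hop = max(hits, key=lambda r: r[0].prefixlen)
    return nic, str(hop) if hop else None


def lint(nics, default_gw=None):
    """Report the provisioning errors pointed out in the thread."""
    problems, seen = [], {}
    for net, nic, _ in connected_routes(nics):
        if net in seen:
            problems.append(f"{seen[net]} and {nic} share subnet {net}")
        seen.setdefault(net, nic)
    if default_gw:
        gw = ipaddress.ip_address(default_gw)
        if any(ipaddress.ip_interface(a).ip == gw for a in nics.values()):
            problems.append(f"default gateway {gw} is this host's own address")
        elif not any(gw in net for net in seen):
            problems.append(f"default gateway {gw} is not on a connected subnet")
    return problems
```
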

jggimi, 29th July 2020

FWIW regarding step 3: NetBSD does not appear to have a pseudo-NIC solution for wired/wireless on the same subnet. There are at least 2 different solutions, though: https://blog.netbsd.org/tnf/entry/sw...d_and_wireless