|
|
|||||||
| OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
 |
|
|
Thread Tools | Display Modes |
7th April 2015
|
|||
|
|||
Soekris - home network
Problem is that I can't get Internet on Debian PC or WIFI clients
Here is my setup: Code:
# pfctl -d pfctl: pf not enabled Code:
# sysctl net.inet.ip.forwarding=1 net.inet.ip.forwarding: 1 -> 1 Code:
# cat dhcpd.conf
subnet 10.10.10.0 netmask 255.255.255.0 {
option routers 192.168.2.1;
range 10.10.10.90 10.10.10.99;
}
vr0 is connected to ADSL router with IP 192.168.1.1 Code:
# cat hostname.vr0 #inet 192.168.1.11 255.255.255.0 NONE dhcp Code:
# cat hostname.vr1 inet 192.168.2.1 255.255.255.0 NONE Code:
# cat hostname.ath0 inet 10.10.10.1 255.255.255.0 mediaopt hostap nwid benky nwkey 12345 Code:
# eth0 settings auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.2.22 netmask 255.255.255.0 gateway 192.168.2.1 Code:
# route show -inet
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default sx763.sx76x.gigase UGS 0 5 - 8 vr0
10.10.10/24 link#5 UC 0 0 - 4 ath0
10.10.10.1 00:12:bf:60:80:32 UHLl 0 0 - 1 lo0
10.10.10.255 link#5 UHLb 0 0 - 1 ath0
loopback localhost UGRS 0 0 32768 8 lo0
localhost localhost UHl 1 0 32768 1 lo0
192.168.1/24 link#1 UC 1 0 - 4 vr0
sx763.sx76x.gigase c0:d0:44:66:bb:40 UHLc 3 119 - 4 vr0
00-00-24-cc-54-bc. 00:00:24:cc:54:bc UHLl 0 0 - 1 lo0
192.168.1.255 link#1 UHLb 0 0 - 1 vr0
192.168.2/24 link#2 UC 1 0 - 4 vr1
192.168.2.1 00:00:24:cc:54:bd HLl 0 0 - 1 lo0
192.168.2.22 bc:5f:f4:d9:95:d1 UHLc 0 2 - 4 vr1
192.168.2.255 link#2 UHLb 0 0 - 1 vr1
base-address.mcast localhost URS 0 0 32768 8 lo0
Code:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
priority: 0
groups: lo
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:cc:54:bc
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.244 netmask 0xffffff00 broadcast 192.168.1.255
vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:cc:54:bd
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
vr2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:cc:54:be
priority: 0
media: Ethernet autoselect (none)
status: no carrier
vr3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:cc:54:bf
priority: 0
media: Ethernet autoselect (none)
status: no carrier
ath0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:12:bf:60:80:32
priority: 4
groups: wlan
media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap)
status: active
ieee80211: nwid benky chan 1 bssid 00:12:bf:60:80:32 nwkey 12345
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
enc0: flags=0<>
priority: 0
groups: enc
status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
priority: 0
groups: pflog
|
|
7th April 2015
|
||||
|
||||
|
I needed to look no further than this:
Quote:
See the Network Address Translation chapter of the PF User's Guide. Last edited by jggimi; 7th April 2015 at 10:25 AM. Reason: clarity
|
|
7th April 2015
|
|||
|
|||
|
thank you, my intention was first to built the basic connections between all interfaces and local network to Internet. Immediately after setting connections my second step is configuring PF.
Quote:
Code:
pass out on vr0 inet from vr1:network to any nat-to vr0 Is it possible to get it to work without it? Something like bridge or defining new route? Last edited by benky; 7th April 2015 at 03:19 PM. Reason: Solved :)
|
|
7th April 2015
|
|||
|
|||
|
Quote:
For more details, study RFC 1918.
|
|
7th April 2015
|
|||
|
|||
|
Quote:
|
|
7th April 2015
|
||||
|
||||
|
Quote:
If you did not use NAT in OpenBSD, you would need to add one or more static routes (e.g: 10/8) to the modem, so that it "knows" that packets destined for your internal networks must be routed to your OpenBSD system. It's NAT capabilities would also need to encompass those subnets. The best practice for these environments is to provision the ADSL modem in "bridge mode", so that your "real" Internet address is exposed and assigned to the OpenBSD router. In this way, only one layer of NAT is needed. How that is done depends on the make/model of device and its provisioning capabilities. My last VDSL modem had a "SuperDMZ" mode which was similar, but not equivalent, to a true bridged operation. But you can always retain multiple NAT layers, and not touch the ADSL modem's provisioning. Here is a two-line, pass-everything PF configuration that includes NAT for your configuration, where vr0 is your egress NIC. I haven't tested it. Code:
match out on vr0 from !vr0:network to any nat-to (vr0) pass If these two rules work on the 192.168.1/24 subnet, they will work on a "real" Internet facing subnet also. However, this ruleset is NOT best practice, and is suitable for testing only. That is because it filters nothing. Last edited by jggimi; 7th April 2015 at 04:39 PM. Reason: typo
|
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Soekris 5501-70 PXE install | benky | OpenBSD Installation and Upgrading | 1 | 30th March 2015 09:13 PM |
| Soekris experiences | Carpetsmoker | General Hardware | 42 | 21st August 2009 01:52 PM |
| soekris help | revzalot | OpenBSD Installation and Upgrading | 6 | 17th December 2008 07:40 PM |
| Soekris Help | revzalot | General Hardware | 2 | 27th August 2008 01:35 PM |
| Resources for Home Network Design and Implementation | JMJ_coder | General software and network | 11 | 14th July 2008 05:31 AM |
Linear Mode
