Sorry for the confusion... I will try to summarize...
I have a machine on each side of a router I am building (3.7).

On one side it is a firewall connected to the internet (192.168.0.2/24)
On the other side it is a linux notebook (10.4.50.1/16)

From linux I can ping any interface on the router
But I cannot ping the firewall (packets just lost)

From the firewall, I can ping any interface on the router and also the
linux notebook.

I have IP forwarding enabled, and do NOT have PF running.

> > # sysctl -a | grep forward
> > net.inet.ip.forwarding=1

The whole shebang's default gateways head out through the firewall. I
added the route into the firewall so it could find the 10.4.0.0 network.

A traceroute from the firewall to the notebook shows

 1  192.168.0.4 (192.168.0.4)  2.219 ms  0.320 ms  0.276 ms
 2  10.4.50.1 (10.4.50.1)  0.429 ms  0.513 ms  0.376 ms

A traceroute from the notebook to the firewall shows

 1  10.4.0.1 (10.4.0.1)  0.136 ms  0.070 ms  0.061 ms
 2  * * *
 3  * * *
 4  * * *
etc, etc...

What baffles me is that it seems as though the packets are not finding
their way back once they get to the router (10.4.0.1) but the machine I
am pinging is along the default route, and that machine can find its way
to the notebook. I can also ping the 192.168.0.4 from the notebook, so
it knows how to get to that segment, it seems to be not forwarding
though.

This is the router's table:

Internet:
Destination         Gateway            Flags   Refs    Use    Mtu  Interface
default             192.168.0.2        UGS        0    841      -  em0
10.2/16             link#2             UC         0      0      -  em1
10.3/16             link#3             UC         0      0      -  em2
10.4/16             link#4             UC         0      0      -  em3
10.4.50.1           00:02:a5:6c:59:2f  UHLc       0      6      -  em3
10.5/16             link#5             UC         0      0      -  em4
10.6/16             link#7             UC         0      0      -  em6
10.7/16             link#8             UC         0      0      -  em7
loopback            localhost          UGRS       0      0  33224  lo0
localhost           localhost          UH         0    604  33224  lo0
192.168.0/24        link#1             UC         0      0      -  em0
192.168.0.2         00:60:97:5b:72:45  UHLc       0    252      -  em0
192.168.0.5         00:01:e6:81:c7:05  UHLc       0      2      -  em0
192.168.0.198       00:0b:cd:07:8f:45  UHLc       0   1520      -  em0
BASE-ADDRESS.MCAST  localhost          URS        0      0  33224  lo0

On Wed, 31 Aug 2005 22:50:26 -0700
Bryan Irvine <[EMAIL PROTECTED]> wrote:

> That was kind of hard to follow.
>
> Can you post traceroutes?
>
> --Bryan
>
> On 8/31/05, Bill <[EMAIL PROTECTED]> wrote:
> > OBSD 3.7 - new install
> >
> > I am building a router. And I am having a routing problem. I am not
> > doing any packet filtering, NAT or anything... it's all strictly private
> > address space nets. I also most definitely have ip forwarding set in
> > sysctl
> >
> > Right now I have the router installed with two active interfaces...
> >
> > Segment A (192.168.0.4) interface on the router
> > Segment B (10.3.0.1) interface on the router
> >
> > Now I have a machine on each segment also:
> >
> > 192.168.0.2 (Segment A)
> > 10.3.50.1 (Segment B)
> >
> > Segment B has the default gateway set to 192.168.0.2
> > (192.168.0.2 then passes out to the internet )
> >
> > From 10.3.50.1 my default gateway is the 10.3.0.1 (router nic). I
> > can ping any of the other interface cards on the router (there are a
> > few) including the 192.168.0.4 interface on the router. But I cannot
> > ping the 192.168.0.2 machine.
> >
> > * WAIT * I know what you are going to say... but I DO have the ip
> > forwarding set
> >
> > # sysctl -a | grep forward
> > net.inet.ip.forwarding=1
> >
> > I checked many times since.
> >
> > Now, if I go to the 192.168.0.2 machine, I added a route so it knows
> > where the 10.3.0.0 network is, and I can ping the 10.3.50.1 machine no
> > problem. I can also ping all the other nic's on the router. So the
> > router is forwarding packets.
> >
> > So if the pings can get from 192.168.0.2 to 10.3.50.1, the ping
> > responses from 10.3.50.1 should be able to be returned from the
> > 192.168.0.2 box back no problem.
> >
> > I am not sure where the pings are being lost... if the machine on
> > segment A knows how to reach segment B and can ping it... doesn't that
> > mean the segment B machine essentially can get pings back if it sends
> > them to Segment A? Segment A is its default route.
> >
> > Confused...
> >
> > Any help would be greatly appreciated
> >
> > All the boxes are obsd 3.7 except for the 10.3.50.1 box which is linux
> >
> > --
> >
> > Bill Chmura
> > Director of Internet Technology
> > Explosivo ITG
> > Wolcott, CT
> >
> > p: 860.621.8693
> > e: [EMAIL PROTECTED]
> > w. http://www.explosivo.com
> >

--
Bill Chmura
Director of Internet Technology
Explosivo ITG
Wolcott, CT

p: 860.621.8693
e: [EMAIL PROTECTED]
w. http://www.explosivo.com