Hello all,

My home internet connection (Internode Australia) has recently been
"upgraded" and is now delivered via vlan ID 2. I previously had the
following configuration, which worked without issue:

# cat /etc/hostname.em0
up

# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
        pppoedev em0 authproto pap \
        authname 'x...@internode.on.net' \
        authkey 'XXXX' up
dest 0.0.0.1
inet6 eui64
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
!/etc/rc.d/dhcp6c restart
!/sbin/pfctl -ef /etc/pf.conf

After working out the vlan stuff I now have the following:

# cat /etc/hostname.em0
up

# cat /etc/hostname.vlan2
vnetid 2 parent em0 txprio 1
up

# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
        llprio 1 mtu 1440 \
        pppoedev vlan2 authproto pap \
        authname 'x...@internode.on.net' \
        authkey 'XXXX' up
dest 0.0.0.1
inet6 eui64
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
!/etc/rc.d/dhcp6c restart
!/sbin/pfctl -ef /etc/pf.conf

I am able to access the internet fine. My problem is that incoming
connections are unable to access the OBSD router but are able to be
redirected to internal hosts just fine. There were no problems with this
prior to the vlan stuff. My stripped down pf.conf is:

# cat /etc/pf.conf
egress = "pppoe0"
zappa = "10.0.1.2"

set skip on lo
set skip on vlan2
set block-policy drop
set loginterface $egress

queue outq on $egress bandwidth 13M max 13M flows 1024 qlimit 1024 default

match in inet all scrub (no-df random-id)
match on $egress inet scrub (max-mss 1440)
# NAT all outbound IPv4 traffic from the rest of our network
match out on $egress inet from !($egress:network) to any nat-to ($egress:0)

antispoof quick for lo

pass in on $egress proto { tcp udp } from any to ($egress) port { ssh http https }
pass in on $egress proto tcp from any to ($egress) port 51022 rdr-to $zappa port ssh

Running tcpdump on pppoe0 shows ICMP packets but never any SSH (or other
TCP) packets coming in on egress. I am confused that rdr-to works but
connections to the router do not.

Any help would be greatly appreciated.

-felix
