I'm building a firewall / gateway on OpenBSD and seem to have the pieces
working separately, but need a clue as to how to get them to fit
together. Basically, I can connect to and from each interface but not
across them.
I can connect from A to B (and from B to A) via SSH, ping, and HTTP.
I can connect C to D and E, and D or E to C.
However, I cannot but would like to connect from A to D and E. I expect
that the routing is somehow fouled up or needs to be done manually.
pf.conf is already about as simple as it can be.
Where should I look to allow connections between A and E?
Would this be better using IPv6 only?
-Lars
====
Topology:

            +-----------------------+
            | A) 192.168.222.0/24   |
            |    Laboratory Subnet  |
            +-----------+-----------+
                        |
+-----------------------+------------------+
|                       |                  |
|  +--------------------+------------+     |
|  | B) 192.168.222.1 on re0         |     |
|  +--------------------+------------+     |
|                       |       OpenBSD 4.1|
|  +--------------------+------------+     |
|  | C) 192.168.101.250 on em0       |     |
|  +--------------------+------------+     |
|                       |                  |
+-----------------------+------------------+
                        |
            +-----------+-----------+
            | D) 192.168.101.0/24   |
            |    House LAN          |
            |    via 192.168.101.1  |
            +-----------+-----------+
                        |
                  E) the world
=====
pf.conf
# network interfaces
LAN="em0" # interface to Intranet
LAB="re0" # interface to Laboratory
# networks
FOSS_Lab="192.168.222.0/24" # doled out by 192.168.222.1
Intranet="192.168.101.0/24" # doled out by 192.168.101.1
# gateways
LAN_GW="192.168.101.1"
LAB_GW="192.168.222.1"
scrub in on $LAN all
nat on $LAN from $FOSS_Lab to any -> ($LAN:0)
pass all # add restrictions after NAT figured out
=====
Routing tables from OBSD host:
Internet:
Destination Gateway Flags Refs Use Mtu Interface
default 192.168.101.1 UGS 8 1197 - em0
127/8 127.0.0.1 UGRS 0 0 33224 lo0
127.0.0.1 127.0.0.1 UH 1 0 33224 lo0
192.168.101/24 link#2 UC 2 0 - em0
192.168.101.1 00:04:ed:49:fa:d1 UHLc 1 0 - em0
192.168.101.102 00:03:93:df:cc:bb UHLc 1 71 - em0
192.168.222/24 link#1 UC 2 0 - re0
192.168.222.1 00:14:78:7e:c7:39 UHLc 0 0 - lo0
192.168.222.33 link#1 UHLc 1 3093 - re0
224/4 127.0.0.1 URS 0 0 33224 lo0
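As an added example for the topology above (not the poster's own file): a tightened /etc/pf.conf in the OpenBSD 4.1-era syntax the post uses, reusing the post's macro names, that keeps A -> D and E open as wanted, makes every allowed flow stateful so that nothing on D or E can initiate into the lab, and records the kernel forwarding setting that pf by itself cannot supply.

```pf
# /etc/pf.conf for the gateway in the post (OpenBSD 4.1-era syntax).
# Added example, not the poster's file; macros reuse the post's names.
# Prerequisite outside pf: the kernel must forward between re0 and em0.
# OpenBSD ships with forwarding off, so put in /etc/sysctl.conf:
#   net.inet.ip.forwarding=1
# and apply it now with "sysctl net.inet.ip.forwarding=1".
# Without it no ruleset moves a packet from A to D or E.

LAN="em0"                       # interface to Intranet (house LAN)
LAB="re0"                       # interface to Laboratory
FOSS_Lab="192.168.222.0/24"     # subnet A, handed out by 192.168.222.1
Intranet="192.168.101.0/24"     # subnet D, handed out by 192.168.101.1

set skip on lo0
scrub in all                    # normalise on both interfaces, not em0 only

# Translation happens before filtering: packets from the lab leave em0
# with the gateway's own address, so the "out" rules below see ($LAN), not A.
nat on $LAN from $FOSS_Lab to any -> ($LAN:0)

# Default deny. Every allowed flow below keeps state, so replies return
# through the state table and D or E cannot open a connection into the
# lab on their own.
block log all

# Drop packets whose source address does not belong on the arriving
# interface (a lab address showing up on em0, or the reverse).
antispoof quick for { $LAB, $LAN }

# A -> B, D and E: lab hosts may initiate to the gateway, the house LAN
# and the world.
pass in  on $LAB from $FOSS_Lab to any keep state

# Everything leaving em0 carries the gateway's address (NAT above) or is
# the gateway's own traffic, which is what the default route needs.
pass out on $LAN from ($LAN) to any keep state

# Traffic toward lab hosts: the gateway's own ssh/ping from B to A, and
# replies to lab connections that already have state.
pass out on $LAB to $FOSS_Lab keep state

# Management of the gateway from the house LAN only: ssh and ping.
pass in  on $LAN proto tcp from $Intranet to ($LAN) port ssh flags S/SA keep state
pass in  on $LAN inet proto icmp from $Intranet to ($LAN) icmp-type echoreq keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. On OpenBSD 4.7 and later NAT and scrub are written as match rules (`match out on $LAN from $FOSS_Lab nat-to ($LAN:0)`, `match in all scrub (no-df)`) and `keep state` is implicit on pass rules.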