Oops, sorry, I did mean to copy and paste that information in here as well.

Bge0 is using a private static IP during testing of this of 192.168.16.223

Subnet1 : 66.150.173.0/26
Subnet2 : 66.150.7.0/25
Subnet3 : 72.2.215.0/24

The interfaces on the OpenBSD box are assigned static IPs at the top of each subnet, so 66.150.173.62, etc. Each host in the subnets is configured to use the OpenBSD interface as its default gateway.

From the 192.168.16 side I can ping a host 66.150.173.20 with no problems. But when I ping a host that is 66.150.7.25, via tcpdump I can see that the ICMP packet hits the 192.168.16 interface, and comes out the 66.150.7 interface, but any packet going back into the 66.150.7 interface just gets lost except for packets destined explicitly for the interface ip 66.150.173.126. In fact tcpdump shows nothing hitting the 66.150.7.126 interface at all if I am pinging a remote host.

Output of ifconfig:

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:19:d6:9c:04
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
        status: active
        inet 192.168.16.223 netmask 0xffffff00 broadcast 192.168.16.255
        inet6 fe80::222:19ff:fed6:9c04%bge0 prefixlen 64 scopeid 0x1
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:19:d6:9c:05
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::222:19ff:fed6:9c05%bge1 prefixlen 64 scopeid 0x2
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
vlan4091: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:19:d6:9c:05
        priority: 0
        vlan: 4091 priority: 0 parent interface: bge1
        groups: vlan
        status: active
        inet6 fe80::222:19ff:fed6:9c05%vlan4091 prefixlen 64 scopeid 0x5
        inet 66.150.7.126 netmask 0xffffff80 broadcast 66.150.7.127
vlan4092: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:19:d6:9c:05
        priority: 0
        vlan: 4092 priority: 0 parent interface: bge1
        groups: vlan
        status: active
        inet6 fe80::222:19ff:fed6:9c05%vlan4092 prefixlen 64 scopeid 0x6
        inet 72.5.215.254 netmask 0xffffff00 broadcast 72.5.215.255
vlan4093: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:19:d6:9c:05
        priority: 0
        vlan: 4093 priority: 0 parent interface: bge1
        groups: vlan
        status: active
        inet6 fe80::222:19ff:fed6:9c05%vlan4093 prefixlen 64 scopeid 0x7
        inet 66.150.173.62 netmask 0xffffffc0 broadcast 66.150.173.63

-----Original Message-----
From: Ted Unangst [mailto:ted.unan...@gmail.com]
Sent: Wednesday, December 01, 2010 2:52 PM
To: Geoff Sweet
Cc: misc@openbsd.org
Subject: Re: Using OpenBSD as a router

On Wed, Dec 1, 2010 at 5:41 PM, Geoff Sweet <geoff.sw...@wemadeusa.com> wrote:
> I have been googling this issue today and I am finding that I don't quite know
> enough about what I am doing, and that the terms I am searching for are not
> returning the results I want.
>
> I have need of using OpenBSD as a router temporarily. I have four interfaces.
>
> bge0 - my primary interface that will be facing my ISP's border router
> bge1:
> +vlan1 - Segment for my subnet1
> +vlan2 - Segment for my subnet2
> +vlan3 - Segment for my subnet3
>
> So I really only want routing functionality so I thought it was safe to do the
> following:
>
> - Set net.inet.ip.fordwarding=1
> - Disabled PF
>
> This leaves me in a state where I can ping hosts in vlan1 from the network on
> bge0. But that's about it. I kinda don't know the right questions to ask
> here. Googling for routing leads to mostly sites dealing with adding static
> routes in OpenBSD. So from some of the reading on Faq6, I assumed that
> enabling forwarding would leave me with a system whereby packets entering any
> of the interfaces would be routed back out the correct interface for the
> subnet, or off onto the default gateway if no local subnet exists. But that
> assumption seems to be failing me. The faq also mentioned OpenBGPD and routed,
> but there doesn't appear to be any man page for routed and because my ISP is
> statically routing my subnets to me, apparently (according to them) I have no
> need of BGP. Could anyone offer any insight or advice on what I am doing
> wrong?

are the other computers configured to use the router as their gateway?

more information about the networks and ips of the computers on either end, the output of ifconfig, and what exactly "that's about it" means would go a long way.