Hi all,
I have a LAN within a LAN and the setup is as follows:
192.168.1.0/24 <-- OpenBSD 4.9 Router with 2 NICS --> 10.1.0.0/21
My goal is to get both sides talking to each other (let's start with making
them able to ping each other). I got it working by using the following
pf.conf; however, I thought I should not need those match out
statements, because OpenBSD routes packets between interfaces by default as
long as sysctl net.inet.ip.forwarding=1 is set.
From inside my OpenBSD box I can ping devices on either side just fine. From a
machine sitting on either side, I can ping the OpenBSD box just fine. But I
simply cannot get side A machines to talk to side B machines unless I
uncomment the two match out statements below inside my pf.conf.
If someone could share some insight, I'd be most thankful.
regards,
D
Here is my simplified pf.conf, which again does not work unless I uncomment the
two match out rules:
++++++++ pf.conf
int_if="sis0"
ext_if="sis1"
icmp_types = "{ echoreq, unreach }"
set require-order yes
set block-policy return
set optimization normal
set loginterface $ext_if
match in all scrub (no-df)
set skip on lo
#match out on $int_if from 192.168.1.0/24 to any nat-to ($int_if)
#match out on $ext_if from 10.1.0.0/21 to any nat-to ($ext_if)
block log all
#Simplified for 'making it work purposes'
pass out quick
pass in quick
antispoof quick for { lo0 $int_if $ext_if } inet
# allow ICMP
pass in quick on { $int_if $ext_if } inet proto icmp all icmp-type $icmp_types keep state
++++++++
++++++++ route -n
cndlne001'root(~)> route -n show | grep default
default 10.1.3.1 UGS 0 23106 - 8 sis0
cndlne001'root(~)> route -n show | grep 192.168.1
192.168.1/24 link#2 UC 2 0 - 4 sis1
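Added example, not part of the original message: a small sh check that reads the router's route table and the pf.conf macro lines and reports whether each macro names the interface that actually carries the subnet its rules are written for, since the antispoof and match out rules above are keyed on those macros. The route lines and macro values below are constructed to mirror the post (the 10.1.0/21 connected route is assumed, as it was not quoted).

```shell
#!/bin/sh
# Added diagnostic, not from the original post: verify that pf.conf
# interface macros point at the NIC that really holds each subnet.
# All sample data here is constructed to mirror the message above.

# Constructed: lines as printed by "route -n show" on the router.
ROUTES='default            10.1.3.1           UGS        0    23106     -     8 sis0
10.1.0/21          link#1             UC         1        0     -     4 sis0
192.168.1/24       link#2             UC         2        0     -     4 sis1'

# Constructed: the macro definitions from the posted pf.conf.
PFCONF='int_if="sis0"
ext_if="sis1"'

# Interface holding the route whose destination equals the given prefix.
iface_for_net() {
    printf '%s\n' "$ROUTES" | awk -v net="$1" '$1 == net { print $NF; exit }'
}

# Value of a pf.conf macro, with the surrounding quotes removed.
pf_macro() {
    printf '%s\n' "$PFCONF" | awk -F'"' -v m="$1" '$1 == m"=" { print $2; exit }'
}

# Exit 0 when macro $1 names the interface carrying subnet $2, else 1.
check_macro() {
    want=$(iface_for_net "$2")
    got=$(pf_macro "$1")
    if [ "$got" = "$want" ]; then
        echo "ok: \$$1=$got carries $2"
        return 0
    fi
    echo "mismatch: \$$1=$got but $2 is on ${want:-<no route>}"
    return 1
}

# Audit both macros; the return value is the number of mismatches.
audit() {
    bad=0
    check_macro int_if 192.168.1/24 || bad=$((bad + 1))
    check_macro ext_if 10.1.0/21    || bad=$((bad + 1))
    return $bad
}

audit || echo "$? macro(s) do not match the routing table"
```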