I was inspired and realized you can do better with pf:

pass in on em5 proto tcp to 192.168.235.12 port 22 \
        rdr-to 192.168.163.1 rtable 0

I am not using vlan and my interfaces have IP addresses assigned.
235.12 above is the management IP of the host in a non-zero rdomain
and 163.1 is the IP of the host in rdomain 0 with sshd listener
started. May still not be the best way, but I like this better than
starting multiple sshd. That approach had an added problem that my tty
would start in the rdomain local to where I connected, instead of
using 0 as the default.



On Tue, Dec 20, 2011 at 3:28 PM, Russell Garrison
<russell.garri...@gmail.com> wrote:
> I have found that I need to add something like:
>
> !route -T 2 exec /usr/sbin/sshd
>
> To the pertinent hostname.if file to make sure sshd is listening in
> additional routing tables, but I do not know if this is best.
>
> On Mon, Dec 19, 2011 at 1:02 PM, Ilya Shipitsin
> <chipits...@gmail.com> wrote:
>> Hello.
>>
>> I'm running multihomed OpenBSD server:
>>
>> vlan5/carp5 - default
>> vlan2/carp2 and vlan4/carp4 are connected to other ISPs.
>>
>> when there's no rdomain thing, everything seems to be working, except
>> all outgoing packets goes through vlan5/carp5.
>>
>>
>> so, I did
>>
>> f2n0:/root#cat /etc/hostname.vlan2
>> vlan 2 vlandev trunk0 mtu 1300
>> up
>>
>> f2n0:/root#cat /etc/hostname.carp2
>> vhid 62 pass m1pass carpdev vlan2 X.X.X.X/26 rdomain 2
>> !/sbin/route -T 2 add 0.0.0.0/0 X.X.X.Z
>> f2n0:/root#cat /etc/hostname.vlan4
>> vlan 4 vlandev trunk0 mtu 1300
>> up
>>
>> f2n0:/root#cat /etc/hostname.carp4
>> vhid 64 pass m1pass carpdev vlan4 Y.Y.Y.Y/26 rdomain 4
>> !/sbin/route -T 4 add 0.0.0.0/0 Y.Y.Y.Z
>> f2n0:/root#
>>
>> also, I did
>>
>> f2n0:/root#grep -v ^# /etc/pf.conf
>>
>> set skip on lo
>>
>> pass in on vlan2 rtable 2
>> pass in on vlan4 rtable 4
>>
>> pass
>>
>>
>> "ping"is working good, packets go out via appropriate interface.
>> however, ssh ends with "tcp rst", for example.
>> how can the reason for that "tcp rst" might be detected?
>>
>> am I doing anything wrong with rdomains?
>>
>> Ilya Shipitsin
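
Applied to the multi-ISP setup quoted above (vlan2/carp2 in rdomain 2, vlan4/carp4 in rdomain 4), the single-sshd variant from the top of this thread would look like the following pf.conf. This is an added illustration, not a ruleset posted by anyone in the thread: X.X.X.X and Y.Y.Y.Y are the placeholder carp addresses from the original hostname.carp2 / hostname.carp4 files, and 192.0.2.1 is an assumed address on an interface in rdomain 0 on which the one normally started sshd listens.

```pf
# Added example, not from the thread.
# Assumption: a single sshd is started the usual way in rdomain 0 and is
# bound (or listening on *) on 192.0.2.1, an rdomain-0 address of this host.
# X.X.X.X (carp2, rdomain 2) and Y.Y.Y.Y (carp4, rdomain 4) are the
# placeholder management addresses from the original hostname.carp* files.

set skip on lo

# Per-rdomain passes from the original ruleset: traffic arriving on an
# ISP-facing vlan is handled in that vlan's routing table.
pass in on vlan2 rtable 2
pass in on vlan4 rtable 4

# SSH to a management address in rdomain 2 or 4 is redirected into
# rdomain 0, where the only sshd lives. The state is created with
# rtable 0, so replies follow rdomain 0's tables and no
# "route -T N exec /usr/sbin/sshd" copies are needed.
pass in on vlan2 inet proto tcp to X.X.X.X port 22 \
        rdr-to 192.0.2.1 rtable 0
pass in on vlan4 inet proto tcp to Y.Y.Y.Y port 22 \
        rdr-to 192.0.2.1 rtable 0

pass
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf`. Whether an SSH connection actually ends up in rdomain 0 can be seen in the state table with `pfctl -ss`, and a `log` keyword on the two rdr-to rules together with `tcpdump -n -e -ttt -i pflog0` shows which rule matched (or, with `block log` rules, which one produced a reset).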
