Hi,

In my setup I use 4 ethernet ports for my firewall: 1 for the external network, 1 bridged for bridged hosts in the same external subnet, and 2 as a trunk to the internal network. I want to slowly migrate some (it's not possible for all) of the hosts with external IP addresses to the internal net. Thus, the firewall gets the external IP address and uses pf (rdr-to, nat-to) to map this to the internal host.

I have a similar setup working like this (other IP addresses, and no trunk for internal hosts, the rest is the same), but this beast is just not working. The primary external interface of the firewall works, but all other IP addresses on vether0 only work locally on the subnet; they seem to ignore the route. I am using OpenBSD 6.1 on amd64 with the latest patches applied via syspatch (thanks for that tool ;-)

netstat -nr shows:

    X.X.X.0/27         X.X.X.X            UCPn       2    21427     -     4 vether0
    X.X.X.0/27         X.X.X.Y            UCPn       0        0     -     4 vether0

/etc/hostname.bridge0:

    add em0
    add em1
    add vether0
    blocknonip em0
    blocknonip em1
    blocknonip vether0
    up

/etc/hostname.vether0:

    up media autoselect
    inet X.X.X.X 255.255.255.224 NONE
    inet alias X.X.X.Y 255.255.255.224

If I fire up an "ifconfig vether0 inet alias X.X.X.Y netmask 255.255.255.224" I get a dmesg of "arpresolve: X.X.X.1: route contains no arp information". (What exactly does this message mean?) However, if I delete the last line in /etc/hostname.vether0 (containing the alias statement), and then manually do an "ifconfig vether0 inet alias X.X.X.Y netmask 255.255.255.224", everything is fine and works as expected.

I am curious about this matter, and would really appreciate someone sharing his/her knowledge to enlighten a newcomer, thanks!

Kind regards,
infoomatic
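The routing table above shows the same /27 prefix with two connected (C flag) routes on vether0, one per address. As an added check, not part of the original post, the following POSIX shell script scans netstat -nr style output and reports any prefix/interface pair that carries more than one connected route, so the condition can be spotted on a firewall before debugging ARP. The sample table is constructed from the post's lines with documentation addresses (203.0.113.0/24) substituted for the X.X.X.* placeholders; the interface names em0, vether0 and trunk0 are assumed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: flag a destination prefix that has
# more than one connected ("C" flag) route on the same interface in netstat -nr
# output. Sample output is constructed from the post, with placeholder addresses.

SAMPLE_NETSTAT='Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            203.0.113.1        UGS        0        0     -     8 em0
203.0.113.0/27     203.0.113.10       UCPn       2    21427     -     4 vether0
203.0.113.0/27     203.0.113.11       UCPn       0        0     -     4 vether0
10.0.0.0/24        10.0.0.1           UCPn       1       12     -     4 trunk0'

# Read netstat -nr text on stdin; print "prefix iface count" for every
# prefix/interface pair that has more than one connected (C) route.
# Only destinations written as prefixes (containing "/") are considered,
# which skips the header line and host routes.
find_duplicate_connected_routes() {
    awk '$3 ~ /C/ && $1 ~ /\// { key = $1 " " $NF; n[key]++ }
         END { for (k in n) if (n[k] > 1) print k, n[k] }'
}

# Number of flagged prefix/interface pairs in the constructed sample.
dup_count() {
    printf '%s\n' "$SAMPLE_NETSTAT" | find_duplicate_connected_routes | wc -l | tr -d ' '
}

# Run on a live OpenBSD box with:  netstat -nr -f inet | find_duplicate_connected_routes
printf '%s\n' "$SAMPLE_NETSTAT" | find_duplicate_connected_routes
```

On the sample this prints one line, "203.0.113.0/27 vether0 2", matching the pair of UCPn entries in the post; an interface with a single address produces no output.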