> The gateway is on 192.168.1.1, the lan is on 192.168.0/24. It is just the way > it is.
As I said, the above line contains a typing error: 192.168.0/24 is the typing error, 192.168.1.0/24 is the correct data. This is the current setup. Gateways --------------- 192.168.1.1 is the first gateway It has two wires, one comes from the first ISP, the other wire goes to the firewall on em0. 192.168.1.2 is the second gateway It has two wires, one comes from a different ISP, the other wire goes to em1 on the same firewall. This is the OpenBSD firewall ------------------------------------------- /etc/mygate contains 192.168.1.1 only. 192.168.1.10 is em0 It is attached to 192.168.1.1 (gateway 1). cat /etc/hostname.em0 > inet 192.168.1.10 255.255.255.0 192.168.1.255 > up 192.168.1.11 is em1 It is attached to 192.168.1.2 (gateway 2). cat /etc/hostname.em1 > inet 192.168.1.11 255.255.255.0 192.168.1.255 > down 192.168.1.12 is ix0 It is a 10Gbps SFP+ attached to the switch. cat /etc/hostname.ix0 > inet 192.168.1.12 255.255.255.0 192.168.1.255 > up 192.168.1.13 is ix1 It is a 10Gbps SFP+ attached to the switch. cat /etc/hostname.ix1 > inet 192.168.1.13 255.255.255.0 192.168.1.255 > down 192.168.1.14 is the IPMI. This is the Switch -------------------------- 192.168.1.250 is the LAN switch It has two SFP+, both for the firewall. The current problem ------------------------------- ix0 comes up in group egress, by default. Group egress must contain em0 and em1 only. Attempts to reconfigure it have failed. Thank you -------- Original Message -------- On 3/31/25 18:39, otto.cooper <otto.coo...@proton.me> wrote: > [Apologies to the non-USA readers for the pedantic text.] > > Problem > ------- > > In a machine with 4 Ethernet interfaces, OpenBSD sets to egress the wrong > interface. > > This is the initial configuration: > > ``` > > cat /etc/hostname.em0 > inet 192.168.1.11 255.255.255.0 192.168.1.255 > up > > > cat /etc/hostname.em1 > down > > > cat /etc/hostname.ix0 > inet 192.168.1.12 255.255.255.0 192.168.1.255 > up > > > cat /etc/hostname.ix1 > down > ``` > > The wire on em0 is hooked to the gateway. > The wire on ix0 is hooked to the LAN switch. > > This is the result, in the order given by ifconfig: > > ``` > ix0: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500 > lladdr ac:1f:6b:6d:1e:f4 > index 1 priority 0 llprio 3 > groups: egress > media: Ethernet autoselect (10GSFP+Cu full-duplex,rxpause,txpause) > status: active > inet 192.168.1.12 netmask 0xffffff00 broadcast 192.168.1.255 > > em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > lladdr ac:1f:6b:6d:1d:64 > index 3 priority 0 llprio 3 > media: Ethernet autoselect (1000baseT full-duplex,rxpause) > status: active > inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255 > ``` > > OpenBSD puts ix0 ahead of em0. I need to know why. Does anybody know? > > Steps done to solve the problem > ------------------------------- > > The aim is to remove ix0 from egress, and add em0 to egress instead. > > What do the manuals say? > > Interfaces are set up by hostname.if. > > hostname.if(5) does not spend a single word on groups. > > ifconfig(8) allows adding and removing groups, but is a shell command. > > ``` > > doas ifconfig em0 group egress > > > doas ifconfig em0 > em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > lladdr ac:1f:6b:6d:1d:64 > index 3 priority 0 llprio 3 > groups: egress > media: Ethernet autoselect (1000baseT full-duplex,rxpause) > status: active > inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255 > > > doas ifconfig ix0 -group egress > > > doas ifconfig ix0 > ix0: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500 > lladdr ac:1f:6b:6d:1e:f4 > index 1 priority 0 llprio 3 > media: Ethernet autoselect (10GSFP+Cu full-duplex,rxpause,txpause) > status: active > inet 192.168.1.12 netmask 0xffffff00 broadcast 192.168.1.255 > ``` > > The command works. > > How do I put this into hostname.if? > > The temptation is to change the configuration as follows, using ifconfig > commands inside hostname.if: > > ``` > > cat /etc/hostname.em0 > inet 192.168.1.11 255.255.255.0 192.168.1.255 > group egress > up > > > cat /etc/hostname.ix0 > inet 192.168.1.12 255.255.255.0 192.168.1.255 > -group egress > up > ``` > > However, hostname.if does not allow for ifconfig commands. > > Out of curiosity, I tried anyway, and as expected the result did not change > after reboot. > > Oh, look, hostname.if(8) allows to run shell commands... > > ``` > !command > Arbitrary shell commands can be executed using this > directive, as long as they are available in the single-user > environment (for instance, /bin or /sbin). Useful for > doing interface-specific configuration such as setting up > custom routes or default source IP address using route(8) > or establishing tunnels using ifconfig(8). It is worth > noting that "\$if" in a command line will be replaced by > the interface name. > ``` > > Since ifconfig is in /sbin, it is expected to be available in the > single-user environment. > > This is the resulting configuration: > > ``` > > cat /etc/hostname.em0 > inet 192.168.1.11 255.255.255.0 192.168.1.255 > up > !ifconfig \$if group egress > > > cat /etc/hostname.ix0 > inet 192.168.1.12 255.255.255.0 192.168.1.255 > up > !ifconfig \$if -group egress > ``` > > After reboot, ix0 is still set to egress, and em0 is still without group, > that is hostname.if ignored the specifications. > > Can anybody care to explain? >
