On Sat, Jun 13, 2026 at 4:44 PM Aric Gregson <[email protected]> wrote:
> On 2026-06-13 09:34, Kenneth Gober wrote: > >On Fri, Jun 12, 2026 at 10:06 PM Aric Gregson < > [email protected]> > >wrote: > > > >> > >> I am struggling to figure this out and do not know what to try next, so > >> am asking for help. I am missing something simple, no doubt. > >> > >> Setting up a network gateway at home. Ultimately, I want to have a > >> backup internet, with fiber first then cable as a back-up. This is to > >> replace a Unifi solution that I started to use during the pandemic, > >> which maybe is not a good idea given the issues I am already having. :) > >> > >> I am just able to assign addresses, which it is now doing. I can 'ping' > >> and 'host' and ssh into the gateway from the client Openbsd computer. I > >> can also ping and host on the gateway computer running Fuguita (Openbsd > >> 7.9 release). I am able to 'dig @9.9.9.9 openbsd.org' and traceroute -I > >> is working as well. However, I cannot load any web pages and > >> applications, like Profanity, cannot login as they seemingly cannot find > >> the hosting site (conversations.im). Disabling pf does not change this > >> behavior. > >> > > > >Did you enable IP forwarding? > > Yes. > In that case I suggest enabling logging. Insert a "match log" rule at the top of your ruleset, then observe which rules are being applied to packets using the following command: # tcpdump -len -i pflog0 If you need to see how your rules are numbered: # pfctl -vv -s rules If packets you expect to be forwarded (passed) are being blocked instead, it means your pass rules aren't matching for some reason. You may need to open up your ruleset to allow more destination ports. Or remove the "port $client_out" entirely. It may be too restrictive. Also confirm that the IP addresses you expect are indeed showing up in the tables you expect: # pfctl -vv -t leased_ip_table -T show -ken
