If in doubt,
beat the Cisco admin about....
"Opportunity is most often missed by people because it is dressed in
overalls and looks like work."
Thomas Alva Edison
Inventor of 1093 patents, including:
The light bulb, phonogram and motion pictures.
On Thu, Dec 2, 2010 at 2:19 AM, Geoff Sweet <geoff.sw...@wemadeusa.com>wrote:
> Oh for the love of god... ok I am good. OpenBSD works pretty much as it
> should. Someone loaded damn switch ACL's onto this switch.
>
> Off to choke a junior admin to death.
>
> -Geoff
>
> -----Original Message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Geoff Sweet
> Sent: Wednesday, December 01, 2010 3:48 PM
> To: misc@openbsd.org
> Subject: Re: Using OpenBSD as a router
>
> Oops, sorry I did mean to copy and paste that information in here as well,
>
> Bge0 is using a private static IP during testing of this of 192.168.16.223
> Subnet1 : 66.150.173.0/26
> Subnet2 : 66.150.7.0/25
> Subnet3 : 72.2.215.0/24
>
> The interfaces on the OpenBSD box are assigned static IP's at the top of
> each
> subnet, so 66.150.173.62, etc. Each host in the subnets are configured to
> use
> the OpenBSD interface as it's default gateway. From the 192.168.16 side I
> can
> ping a host 66.150.173.20 with no problems. But when I ping a host that is
> 66.150.7.25, via tcpdump I can see that the ICMP packet hits the 192.168.16
> interface, and comes out the 66.150.7 interface, but any packet going back
> into the 66.150.7 interface just gets lost except for packets destined
> explicitly for the interface ip 66.150.173.126. In fact tcpdump shows
> nothing
> hitting the 66.150.7.126 interface at all if I am pinging a remote host.
>
> Output of ifconfig:
>
> # ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
> priority: 0
> groups: lo
> inet 127.0.0.1 netmask 0xff000000
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:22:19:d6:9c:04
> priority: 0
> groups: egress
> media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
> status: active
> inet 192.168.16.223 netmask 0xffffff00 broadcast 192.168.16.255
> inet6 fe80::222:19ff:fed6:9c04%bge0 prefixlen 64 scopeid 0x1
> bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:22:19:d6:9c:05
> priority: 0
> media: Ethernet autoselect (1000baseT full-duplex)
> status: active
> inet6 fe80::222:19ff:fed6:9c05%bge1 prefixlen 64 scopeid 0x2
> enc0: flags=0<>
> priority: 0
> groups: enc
> status: active
> vlan4091: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:22:19:d6:9c:05
> priority: 0
> vlan: 4091 priority: 0 parent interface: bge1
> groups: vlan
> status: active
> inet6 fe80::222:19ff:fed6:9c05%vlan4091 prefixlen 64 scopeid 0x5
> inet 66.150.7.126 netmask 0xffffff80 broadcast 66.150.7.127
> vlan4092: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:22:19:d6:9c:05
> priority: 0
> vlan: 4092 priority: 0 parent interface: bge1
> groups: vlan
> status: active
> inet6 fe80::222:19ff:fed6:9c05%vlan4092 prefixlen 64 scopeid 0x6
> inet 72.5.215.254 netmask 0xffffff00 broadcast 72.5.215.255
> vlan4093: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:22:19:d6:9c:05
> priority: 0
> vlan: 4093 priority: 0 parent interface: bge1
> groups: vlan
> status: active
> inet6 fe80::222:19ff:fed6:9c05%vlan4093 prefixlen 64 scopeid 0x7
> inet 66.150.173.62 netmask 0xffffffc0 broadcast 66.150.173.63
>
>
>
>
>
> -----Original Message-----
> From: Ted Unangst [mailto:ted.unan...@gmail.com]
> Sent: Wednesday, December 01, 2010 2:52 PM
> To: Geoff Sweet
> Cc: misc@openbsd.org
> Subject: Re: Using OpenBSD as a router
>
> On Wed, Dec 1, 2010 at 5:41 PM, Geoff Sweet <geoff.sw...@wemadeusa.com>
> wrote:
> > I have been googling this issue today and I am finding that I don't quite
> know
> > enough about what I am doing, and that the terms I am searching for are
> not
> > returning the results I want.
> >
> > I have need of using OpenBSD as a router temporarily. I have four
> interfaces.
> >
> > bge0 - my primary interface that will be facing my ISP's border router
> > bge1:
> > +vlan1 - Segment for my subnet1
> > +vlan2 - Segment for my subnet2
> > +vlan3 - Segment for my subnet3
> >
> > So I really only want routing functionality so I thought it was safe to
> do
> the
> > following:
> >
> > - Set net.inet.ip.fordwarding=1
> > - Disabled PF
> >
> > This leaves me in a state where I can ping hosts in vlan1 from the
> network
> on
> > bge0. But that's about it. I kinda don't know the right questions to
> ask
> > here. Googling for routing leads to mostly sites dealing with adding
> static
> > routes in OpenBSD. So from some of the reading on Faq6, I assumed that
> > enabling forwarding would leave me with a system whereby packets entering
> any
> > of the interfaces would be routed back out the correct interface for the
> > subnet, or off onto the default gateway if no local subnet exists. But
> that
> > assumption seems to be failing me. The faq also mentioned OpenBGPD and
> routed,
> > but there doesn't appear to be any man page for routed and because my ISP
> is
> > statically routing my subnets to me, apparently (according to them) I
> have
> no
> > need of BGP. Could anyone offer any insight or advice on what I am doing
> > wrong?
>
> are the other computers configured to use the router as their gateway?
> more information about the networks and ips of the computers on
> either end, the output of ifconfig, and what exactly "that's about it"
> means would go a long way.
