al interfaces are in promiscuous mode. I have filtering for
> vether0 but didn't imagine DHCP is still at physical interface level.
>
> pf.conf updated:
>
> set skip on em1-3
This logic does not match how PF+bridge(4) works.
> Only thing that still puzzles me where to f
personally
write everything on my web like for children.
My logic behind filtering was simple...bridge/vether handles all and
physical interfaces are in promiscuous mode. I have filtering for
vether0 but didn't imagine DHCP is still at physical interface level.
pf.conf updated:
set skip
Dear David,
I also searched myself the rambam for over a week. I needed the ports
bridged. For next to the router in my utilitycabin, meterbox, or
whatever "meterkast" in English is, I have my tv, kodi and kitchenwifi
connected. And I refused to route the ports or add another 24/7
consumer for a s
On Wed, Mar 10, 2021 at 08:40:55PM +0100, da...@hajes.org wrote:
> Hi,
>
> I did set up OpenBSD router/firewall on PC Engines APU4d4 box.
>
> First interface is WAN that connects to Internet.
>
> Remaining three interfaces are bridged with bridge0 via vether0.
>
>
On 10.3.2021. 20:40, da...@hajes.org wrote:
> Hi,
>
> I did set up OpenBSD router/firewall on PC Engines APU4d4 box.
>
> First interface is WAN that connects to Internet.
>
> Remaining three interfaces are bridged with bridge0 via vether0.
>
> firewall doesn&#x
Physical interfaces suppose to be transparent and in listening mode.
Bridge0>vether0 suppose to handle it.
It looks like Win vs OpenBSD doesn't cooperate very well.
I wonder if I should report it as a bug.On Mar 10, 2021 22:57, Pascal Huisman
wrote:
>
> Dear David,
>
> I
Dear David,
I encountered the same problem. Somehow the em? interfaces are behind
egress after bridging. Just add a rule to udp 67, 68.
--
Met vriendelijke groet,
Pascal Huisman
Two can Live as Cheaply as One for Half as Long.
-- Howard Kandel
Hi,
I did set up OpenBSD router/firewall on PC Engines APU4d4 box.
First interface is WAN that connects to Internet.
Remaining three interfaces are bridged with bridge0 via vether0.
firewall doesn't block LAN/bridge traffic on vether0.
DHCPD runs on bridge.
Two Linux hosts (connected t
, and from there I could
log into the OpenBSD 6.1 machine via its external IP-Address.
So, in addition to the machine ignoring IP aliases in /etc/hostname.vether0
(well, it shows the IP aliases via ifconfig, but the pf rules are only working
after an explicit "ifconfig vether0 inet alias
3
port 22"
However, outgoing is not working.
"pass out quick from 192.168.1.3 to any nat-to X.X.X.Y" is NOT WORKING, but
when I use the main ip-address X.X.X.X it is working.
Now the weird part:
As soon as I remove any alias in the /etc/hostname.vether0 and fire up
"ifconfig vether0
> > does it work when you put - inet alias X.X.X.Y 255.255.255.255 ?
>
> unfortunately not. It's the same effect as with 255.255.255.224: working
> locally on the subnet, but not when routing is involved.
> Thanks anyway for this idea!
Guess I was to fast! After a few minutes it was working (did
> Von: "Hrvoje Popovski"
> > /etc/hostname.vether0:
> > up media autoselect
> > inet X.X.X.X 255.255.255.224 NONE
> > inet alias X.X.X.Y 255.255.255.224
>
>
> does it work when you put - inet alias X.X.X.Y 255.255.255.255 ?
unfortunately not. It's the same effect as with 255.255.255.224: worki
firewall works, but all other ip-address on
vether0 are just working locally on the subnet, they seem to ignore the route.
I am using OpenBSD 6.1 on amd64 with the latest patches applied via syspatch
(thanks for that tool ;-)
netstat -nr shows:
X.X.X.0/27 X.X.X.X UCPn 221427
Steven Kovalsky [kovalsky1...@gmail.com] wrote:
> The need for additional nic (for nat) i created vether0
> vether0 has 10.254.254.17/29 address
>
> On the other host set ip addres 10.254.254.18/29
> >From this host i can't ping 10.254.254.17
> and from 10
The need for additional nic (for nat) i created vether0
vether0 has 10.254.254.17/29 address
On the other host set ip addres 10.254.254.18/29
>From this host i can't ping 10.254.254.17
and from 10.254.254.17->10.254.254.18
net.inet.ip.forwarding=1
I need vether0 to nat vpn tra
15 matches
Mail list logo
