Greetings to all good I hope to help me
I followed the manual gateway-firewall openbsd 4.8
but still can not get or have no internet Conexxion client

ADSL (router ext)

192.168.1.1
   |
   |
 xl0
 192.168.1.101
gatewayopenbsd4.8-
xl1
  192.168.0.1
  |
  |
Client
      192.168.0.10
I have attached a number of client files and
gateway (route, ping, pf, dhcp, rc, sysctl, messages, dmesg, etc) of
configuration.

Grateful for your help I hope
is that your experience would be helpful to this newbie

[demime 1.01d removed an attachment of type application/rar which had a name of gateway.rar]

[demime 1.01d removed an attachment of type application/rar which had a name of cliente.rar]

[ message continues ]

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////  INFORMATION GATEWAY
////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
************   dmesg**********

OpenBSD 4.8 (RAMDISK_CD) #89: Mon Aug 16 09:24:20 MDT 2010
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 632 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,SSE
real mem  = 199585792 (190MB)
avail mem = 189444096 (180MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/07/01, BIOS32 rev. 0 @
0xfda74, SMBIOS rev. 2.3 @ 0xf0ea0 (55 entries)
bios0: vendor Intel Corp. version "A11" date 03/07/2001
bios0: Dell Computer Corporation L800C
apm0 at bios0: Power Management spec V1.2
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2f30/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xc000 0xcc000/0x800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82810 Host" rev 0x03
vga1 at pci0 dev 1 function 0 "Intel 82810 Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801AA Hub-to-PCI" rev 0x02
pci1 at ppb0 bus 1
xl0 at pci1 dev 8 function 0 "3Com 3c905C 100Base-TX" rev 0x30: irq
11, address 00:01:03:e8:38:4b
ukphy0 at xl0 phy 24: Generic IEEE 802.3u media interface, rev. 0: OUI
0x00601d, model 0x0035
xl1 at pci1 dev 9 function 0 "3Com 3c905 100Base-TX" rev 0x00: irq 10,
address 00:60:97:be:ca:2a
nsphy0 at xl1 phy 24: DP83840 10/100 PHY, rev. 1
ichpcib0 at pci0 dev 31 ...
[ message continues ]

On gateway start "tcpdump -i xl1" then on client start "ping
192.168.0.1". Do you see the packets?

After you stop the ping run "arp -a" on both client and gateway.
Do you see an entry for the other host?

If the answer to thease questions are "No" then you have a layer
two (or below) problem. Check cabling, vlan configuration and
such.

It the answer to thease questions are "Yes" then you have a layer
three (or above) problem. Check your packet filters.

[ message continues ]

answer your question,
i believe the problern is static routing setting on all
cable is okey
please help, with set up static client,gateway, and router (dsl ext)

On gateway start "tcpdump -i xl1
************************************************************************
gateway.my.domain (192.168.0.1) at 00:60:97:be:ca:2a on xl1 static
? (192.168.1.1) at 00:1d:0f:fc:95:de on xl0
*************************************************************************


/////////////////////////////////////////////////////////////////////////////////////////////////////////////
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
///////////////////////////////////////////////////////////////////////////////////////////////////////////////


in gateway
****************************************************
gateway.my.domain (192.168.0.1) at 00:60:97:be:ca:2a on xl1 static
? (192.168.1.1) at 00:1d:0f:fc:95:de on xl0
****************************************************


in client
///////////////////////////////////////////////////////////////////////////////
nothing out screen
///////////////////////////////////////////////////////////////////////////////

























[ message continues ]

I am having a hard time following what you are saying.

On the gateway run "ping 192.168.0.10" when you stop that run
"arp -a" in the output you should see one of thease lines:

This one means your layer 2 such as cable is broken.
? (192.168.0.10) at (incomplete) on xl1

This one means your layer 3 such as packet filter is broken.
 ? (192.168.0.10) at 00:0c:76:bb:00:5a on xl1

But as another subscriber noted:

vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    media: Ethernet autoselect (none)
    status: no carrier

and

xl1: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (none)
        status: no carrier

which means neither your gateway or your client has a working
cable.

Are you using a switch or are these machines connected to each
other with a direct cable? If you are using a direct cable you
will need a crossover cable as 100baseTX does not support auto
MDI/MDI-X.

[ message continues ]

hi, dear friend both cables ( cable 1 and 2 )  are crossover and is
conectic like this,

*****************************************************************************************

[ message continues ]

I'm guessing the ADSL router is a typical NAT router, and that your OpenBSD
router is *not* configured for NAT.  as a result, the ADSL router is seeing
outbound packets from 192.168.0.10, but doesn't know how to deliver the
inbound responses.  it knows that the 192.168.1/24 network is reachable via
one of its own LAN ports, but I'm guessing that it doesn't know how to reach
the 192.168.0/24 network.

you need a static route defined on the ADSL router telling it that for the
192.168.0/24 network, the next hop router is at 192.168.1.101.

-ken

[ message continues ]

yeah KEn
you're right

yeahhh is this problem but get another and my weak point ( I am newbie )
in my adsl - ext-router(tp-link-TL-WR541G) set up like this (STATIC ROUTE)
ip:192.168.0.1
mask255.255.255.0
gateway 192.168.1.101

and nothing
soon I'll be crazy not to set it up


i dont know,


[ message continues ]

Your guess is incorrect given the facts in this case. In the
first mail david showed a pf ruleset which had:

match out on egress inet from ! (egress:network) to any nat-to
(egress:0) round-robin

He also showed that the client can't reach the OpenBSD gateway so
the traffic never gets to the ADSL modem.

For refrence see: http://marc.info/?l=openbsd-misc&m=129122248900549&w=2

[ message continues ]

From the ifconfig output it is obvious that there is a problem
with "cable 2".

It is either the cable or the network interface card. They should
har lights that should be lit when everything is corret.

For instance are the lights the same on both of xl0
and xl1?

There could also be some kind of issue with auto negotiation. Do
you have any other network equipment at hand that you can use to
check the cable and network cards?

Are you really sure you are using cross over cables? In my
experience ADSL Modems are made like a switch and therefor
has no problem beeing connected to a host directly. Your other
connection is between hosts and therefor (in the 100MBit case)
must use a "special" cable. You can use 
http://en.wikipedia.org/wiki/Ethernet_crossover_cable 
to verify that you have an crossover cable.

[ message continues ]

option  domain-name "my.domain";
 option  domain-name-servers 192.168.1.1;

 subnet 192.168.0.0 netmask 255.255.255.0 {
 	option routers 192.168.0.1;

 	range 192.168.0.32 192.168.0.127;

 }
 xl1: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
 	lladdr 00:60:97:be:ca:2a
 	priority: 0
 	media: Ethernet autoselect (none) ------> cable problem
 	status: no carrier -------> cable problem
 	inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
 	inet6 fe80::260:97ff:febe:ca2a%xl1 prefixlen 64 scopeid 0x2

thanks

[ message continues ]