Re: Using OpenBSD as a router

Previous thread: Killing nfsd and then running netstat -m causes lockup by Daniel Melameth on Wednesday, December 1, 2010 - 2:43 pm. (4 messages)

Next thread: LDAPD and no Base DN by Keith on Wednesday, December 1, 2010 - 4:36 pm. (2 messages)
From: Geoff Sweet
Date: Wednesday, December 1, 2010 - 3:41 pm

I have been googling this issue today and I am finding that I don't quite know
enough about what I am doing, and that the terms I am searching for are not
returning the results I want.

I have need of using OpenBSD as a router temporarily.  I have four interfaces.

bge0 - my primary interface that will be facing my ISP's border router
bge1:
 +vlan1 - Segment for my subnet1
 +vlan2 - Segment for my subnet2
 +vlan3 - Segment for my subnet3

So I really only want routing functionality so I thought it was safe to do the
following:

- Set net.inet.ip.forwarding=1
- Disabled PF

This leaves me in a state where I can ping hosts in vlan1 from the network on
bge0.  But that's about it.  I kinda don't know the right questions to ask
here.  Googling for routing leads to mostly sites dealing with adding static
routes in OpenBSD.  So from some of the reading on Faq6, I assumed that
enabling forwarding would leave me with a system whereby packets entering any
of the interfaces would be routed back out the correct interface for the
subnet, or off onto the default gateway if no local subnet exists.  But that
assumption seems to be failing me. The faq also mentioned OpenBGPD and routed,
but there doesn't appear to be any man page for routed and because my ISP is
statically routing my subnets to me, apparently (according to them) I have no
need of BGP.  Could anyone offer any insight or advice on what I am doing
wrong?

Thanks!
Geoff Sweet
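The forwarding behaviour the post assumes (a packet entering any interface leaves on the interface of the matching connected subnet, else via the default gateway, and is dropped when forwarding is off) modelled on the thread's own interfaces. This is an added example, not code from the poster; the vlan3 address and the border-router address on bge0 are assumptions, as only 66.150.173.62 and 66.150.7.126 are quoted in the thread.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    iface: str
    gateway: Optional[str]  # None for a directly connected subnet


# Router addresses: one at the top of each subnet, as the thread describes.
# Only 66.150.173.62 and 66.150.7.126 are quoted; the vlan3 address and the
# border-router address on bge0 are assumptions.
INTERFACES = {
    "bge0": ipaddress.ip_interface("192.168.16.223/24"),
    "vlan1": ipaddress.ip_interface("66.150.173.62/26"),
    "vlan2": ipaddress.ip_interface("66.150.7.126/25"),
    "vlan3": ipaddress.ip_interface("72.2.215.254/24"),  # assumed
}
DEFAULT_GW = "192.168.16.1"  # assumed ISP border router on the bge0 segment


def routing_table():
    """Connected route per interface plus a default route, longest prefix first."""
    table = [Route(a.network, name, None) for name, a in INTERFACES.items()]
    table.append(Route(ipaddress.ip_network("0.0.0.0/0"), "bge0", DEFAULT_GW))
    return sorted(table, key=lambda r: r.prefix.prefixlen, reverse=True)


def forward(dst, forwarding=True):
    """Decide what the router does with a packet addressed to dst.

    Returns ("local", None) for the router's own addresses, ("drop", reason)
    when the packet cannot be forwarded, otherwise (egress interface, next hop).
    """
    dst_ip = ipaddress.ip_address(dst)
    if any(dst_ip == a.ip for a in INTERFACES.values()):
        return ("local", None)
    if not forwarding:
        # With net.inet.ip.forwarding=0 the kernel only accepts packets for itself.
        return ("drop", "net.inet.ip.forwarding=0")
    for r in routing_table():
        if dst_ip in r.prefix:
            # On a connected subnet the next hop is the destination itself.
            return (r.iface, r.gateway or str(dst_ip))
    return ("drop", "no route")
```

The model only covers the router's own decision; it cannot see anything between a host and the router port, which is where the thread's actual cause (switch ACLs) sat.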

From: Ted Unangst
Date: Wednesday, December 1, 2010 - 3:52 pm

On Wed, Dec 1, 2010 at 5:41 PM, Geoff Sweet <geoff.sweet@wemadeusa.com>

Are the other computers configured to use the router as their gateway?
More information about the networks and IPs of the computers on
either end, the output of ifconfig, and what exactly "that's about it"
means would go a long way.

From: Geoff Sweet
Date: Wednesday, December 1, 2010 - 4:48 pm

Oops, sorry, I did mean to copy and paste that information in here as well.

bge0 is using a private static IP of 192.168.16.223 during this testing.
Subnet1 : 66.150.173.0/26
Subnet2 : 66.150.7.0/25
Subnet3 : 72.2.215.0/24

The interfaces on the OpenBSD box are assigned static IPs at the top of each
subnet, so 66.150.173.62, etc.  Each host in the subnets is configured to use
the OpenBSD interface as its default gateway.  From the 192.168.16 side I can
ping a host 66.150.173.20 with no problems.  But when I ping a host that is
66.150.7.25, via tcpdump I can see that the ICMP packet hits the 192.168.16
interface, and comes out the 66.150.7 interface, but any packet going back
into the 66.150.7 interface just gets lost except for packets destined
explicitly for the interface IP 66.150.173.126.  In fact tcpdump shows nothing
hitting the 66.150.7.126 interface at all if I am pinging a remote host.

Output of ifconfig:

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:19:d6:9c:04
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
        status: active
        inet 192.168.16.223 netmask 0xffffff00 broadcast 192.168.16.255
        inet6 fe80::222:19ff:fed6:9c04%bge0 prefixlen 64 scopeid 0x1
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:19:d6:9c:05
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::222:19ff:fed6:9c05%bge1 prefixlen 64 scopeid 0x2
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
vlan4091: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr ...
From: Geoff Sweet
Date: Wednesday, December 1, 2010 - 5:19 pm

Oh, for the love of god... OK, I am good. OpenBSD works pretty much as it
should.  Someone loaded damn switch ACLs onto this switch.

Off to choke a junior admin to death.

-Geoff

From: Ross Cameron
Date: Wednesday, December 1, 2010 - 10:52 pm

If in doubt,
beat the Cisco admin about....
"Opportunity is most often missed by people because it is dressed in
overalls and looks like work."
    Thomas Alva Edison
    Inventor of 1093 patents, including:
        The light bulb, phonogram and motion pictures.