On 05/08/17 17:55, Monah Baki wrote:
Hi all,

I am running OpenBSD 5.9 on a Net4801 Soekris. It's acting as my gateway
and all my internal machines on the 10.0.0.x network are able to get to the
internet.

My ifconfig

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
         priority: 0
         groups: lo
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
         inet 127.0.0.1 netmask 0xff000000
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:00:24:c5:08:bc
         priority: 0
         groups: egress
         media: Ethernet autoselect (100baseTX full-duplex)
         status: active
         inet 192.168.1.222 netmask 0xffffff00 broadcast 192.168.1.255
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:00:24:c5:08:bd
         priority: 0
         media: Ethernet autoselect (100baseTX full-duplex)
         status: active
         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:00:24:c5:08:be
         priority: 0
         media: Ethernet autoselect (none)
         status: no carrier

My pf.conf


set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

pass out on sis0 inet from sis1:network to any nat-to sis0
pass in on sis1 dup-to 10.0.0.2
pass out on sis1 dup-to 10.0.0.2

The 10.0.0.2 is the IP address of my Windows workstation running Wireshark;
however, I do not see any network traffic from my internal workstations.

I actually prefer to copy traffic from sis1 to sis2 if possible and just
connect my Wireshark laptop directly to it.

Am I missing anything?


Thanks
Monah

I am using a Soekris for my router as well. I pretty much just followed the advice here https://www.openbsd.org/faq/pf/example1.html and have had no problems for over a year now.

Edgar
