Re: OpenBSd 5.9 dup-to

Mon, 08 May 2017 18:35:50 -0700 

You have it setup in bridge mode?

Thanks


On Mon, May 8, 2017 at 9:01 PM Edgar Pettijohn <[email protected]>
wrote:

>
>
> On 05/08/17 17:55, Monah Baki wrote:
> > Hi all,
> >
> > I am running OpenBSD 5.9 on a Net4801 Soekris. It's acting as my gateway
> > and all my internal machines on the 10.0.0.x network are able to get to
> the
> > internet.
> >
> > My ifconfig
> >
> > # ifconfig
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
> >          priority: 0
> >          groups: lo
> >          inet6 ::1 prefixlen 128
> >          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
> >          inet 127.0.0.1 netmask 0xff000000
> > sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >          lladdr 00:00:24:c5:08:bc
> >          priority: 0
> >          groups: egress
> >          media: Ethernet autoselect (100baseTX full-duplex)
> >          status: active
> >          inet 192.168.1.222 netmask 0xffffff00 broadcast 192.168.1.255
> > sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >          lladdr 00:00:24:c5:08:bd
> >          priority: 0
> >          media: Ethernet autoselect (100baseTX full-duplex)
> >          status: active
> >          inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
> > sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
> >          lladdr 00:00:24:c5:08:be
> >          priority: 0
> >          media: Ethernet autoselect (none)
> >          status: no carrier
> >
> >
> >
> >
> >
> > My pf.conf
> >
> >
> > set skip on lo
> >
> > block return    # block stateless traffic
> > pass            # establish keep-state
> >
> > pass out on sis0 inet from sis1:network to any nat-to sis0
> > pass in on sis1 dup-to 10.0.0.2
> > pass out on sis1 dup-to 10.0.0.2
> >
> >
> >
> > The 10.0.0.2 is the IP address of my Windows workstation running
> wireshark,
> > however I do not see any network traffic from my internal workstations.
> >
> > I actually prefer to copy traffic from sis1 to sis2 if possible and just
> > connect directly my wireshark laptop to it
> >
> > Am I missing anything?
> >
> >
> > Thanks
> > Monah
> I am using a soekris for my router as well.  I pretty much just followed
> the advice here https://www.openbsd.org/faq/pf/example1.html and have
> had no problems for over a year now.
>
> Edgar
>
>

Reply via email to