Hello,

Last week I did an update of this 6.1 machine. Somehow, the machine ignores /etc/mygate (one line with ipv4 gateway, one line with ipv6 gateway). After the reboot I could not connect to the box. Luckily I could ssh into one of the bridged hosts "behind" the OpenBSD 6.1 machine, and from there I could log into the OpenBSD 6.1 machine via its external IP-Address.

So, in addition to the machine ignoring IP aliases in /etc/hostname.vether0 (well, it shows the IP aliases via ifconfig, but the pf rules are only working after an explicit "ifconfig vether0 inet alias ..."), it now also ignores /etc/mygate. Adding "ifconfig vether0 inet alias XXX netmask XXX" and "route add default XXX" to /etc/rc.local was the workaround, however, I think this is not expected behaviour.

regards,
infoomatic

> Sent: Tuesday, 09 May 2017 at 18:37
> From: Infoomatic <[email protected]>
> To: "OpenBSD Misc" <[email protected]>
> Subject: Re: bridge/vether0 not working - BUG?
>
> > > > does it work when you put - inet alias X.X.X.Y 255.255.255.255 ?
> > >
> > > unfortunately not. It's the same effect as with 255.255.255.224: working
> > > locally on the subnet, but not when routing is involved.
> > > Thanks anyway for this idea!
> >
> > Guess I was too fast! After a few minutes it was working (did not do
> > anything in the meantime!).
> > The fun fact: I did a reboot with the .224 netmask in the file enabled
> > again and it also worked. This is weird, maybe someone could explain this
> > (why the .255 netmask?) to me, I have no clue why this now works and what
> > causes this behaviour.
> >
>
> This is weird. I was too fast again. Something is really strange here. It is
> working on incoming stuff, e.g. also in pf on rules like
> "pass in quick inet proto tcp from any to X.X.X.Y port 4422 rdr-to
> 192.168.1.3 port 22"
>
> However, outgoing is not working.
> "pass out quick from 192.168.1.3 to any nat-to X.X.X.Y" is NOT WORKING, but
> when I use the main ip-address X.X.X.X it is working.
>
> Now the weird part:
> As soon as I remove any alias in the /etc/hostname.vether0 and fire up
> "ifconfig vether0 inet alias X.X.X.Y netmask 255.255.255.224", the pf-rules
> work as expected supporting nat-to with any of the firewall's external
> ip-addresses. Could this be a bug?
>
> Any further enlightenment would be highly appreciated, thanks!
>
>

