On Mon, Jul 20, 2020 at 3:06 AM Charlie Burnett <[email protected]> wrote:
> 1. I cannot connect to the internet properly unless only em0 (which is the
> ethernet port I have connected to the external network) has a hostname
> file- I have to either add back the hostname files after boot and run
> /etc/netsetup or manually set up the internal network ports through
> ifconfig.

I am guessing (due to lack of details) that your issue is that you are running a DHCP client on multiple interfaces, and as a result you are ending up with multiple default routes. It is normal when getting an IP address with DHCP to be provided with a default route, so if you're using DHCP to get an IP address from your upstream provider you should not also use DHCP on any internal interfaces (unless you want to serve DHCP as a DHCP server). Static IP address assignments on your internal interfaces will work fine.

> 2. Even once the box is connected properly to the network, it's seemingly
> unable to assign leases to other clients, attempting to connect to it
> through another OpenBSD machine results in it timing out while getting a
> lease.

I cannot guess the issue here without seeing your dhcpd.conf.

> 3. Using the same exact config, I ran it behind a standard proprietary
> router (linksys) that connects fine externally. Using that, the box
> functions as expected.
> 4. Using an openwrt router I get similar errors.

Are the Linksys and Openwrt routers serving the same IP address ranges to DHCP clients? If not, it's possible that the one that's not working is using the same subnet as you have assigned to an internal interface on the APU2.

> 5. I'm using both config that I've used on external networks as well as
> subnetworks on a corporate network that worked, and the default config from
> the setting up a router page for a sanity check.

It is unclear what the outcome was here, and without knowing how those external and corporate networks were set up, I'm not able to guess what those configs might have been. In terms of useful information you could just as well have said "I tried something random but I'm not going to tell you the result."

> 6. I assumed it was DHCP, but nonetheless as a sanity check I had pf pass
> through anything and everything, worked internally as well as externally.
> I'm at a complete loss- seeing as it occurs on openwrt I assume that it's
> probably because of however the hell my landlord set up the network, but
> anyone remotely have an idea how to begin debugging this? I don't like
> particularly having a proprietary router running especially without a
> firewall I trust.

The way you debug this is to first establish that you have Internet connectivity as an endpoint. Don't worry about routing at all. Once that is confirmed working then you can enable your internal interfaces and turn on forwarding. Once you're sure that routing is working, you can then start offering internal services like DHCP and DNS.

If you use a default deny/deny PF policy (both block in and block out by default) keep in mind that you may need to explicitly add pass out rules to allow things like the DHCP client to work. Remember that a default block out rule will block both forwarded traffic trying to go out the egress interface, as well as non-forwarded traffic that originates from the router itself (like DHCP requests, DNS requests, NTP requests, etc.)

I used to use a "pass out from (self)" rule to cover these but have since switched to explicit rules so that I can have more certainty about what exactly my router is sending.

-ken
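
The default deny/deny policy described in the reply above, sketched as a pf.conf fragment. This is an added example, not part of the original message and not the poster's configuration. em0 as the external interface comes from the thread; em1 as the internal interface and the 192.168.10.0/24 LAN are assumptions.

```conf
# Constructed example for OpenBSD pf.conf.
ext_if = "em0"                 # upstream interface, DHCP client
int_if = "em1"                 # internal interface, static address (assumed name)
lan    = "192.168.10.0/24"     # internal subnet (assumed)

set skip on lo

# Default deny in both directions. Logging shows what the policy drops.
block in  log all
block out log all

# Broad form: one rule for everything the router itself originates.
# pass out on $ext_if from (self)

# Explicit form: one rule per service the router itself uses.
pass out on $ext_if inet proto udp from any port 68 to any port 67      # DHCP client
pass out on $ext_if inet proto { udp tcp } from ($ext_if) to any port 53 # DNS lookups
pass out on $ext_if inet proto udp from ($ext_if) to any port 123       # NTP

# Forwarded LAN traffic must be passed twice: in on the internal
# interface, then out on the egress interface (here with NAT).
pass in  on $int_if inet from $lan
pass out on $ext_if inet from $lan nat-to ($ext_if)
```

With `block out log all` in place, `tcpdump -n -e -ttt -i pflog0` shows any router-originated traffic that still lacks an explicit pass rule.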

