Heinrich,
On 13/03/2008, at 7:32 PM, Heinrich Rebehn wrote:
> Hi All,
> We have an OpenBSD 4.2-stable router which routes between 5
> subnets. On 2 of those subnets we run an application that does
> "many to many" communication using UDP broadcasts to
> 255.255.255.255. Unfortunately, the router does not seem to forward
> these packets. They look like:
>
> [EMAIL PROTECTED] [~] # tcpdump -n -v -i vlan0 host 255.255.255.255
> tcpdump: listening on vlan0, link-type EN10MB
> 09:55:04.622293 134.102.176.85.33094 > 255.255.255.255.60001: udp 331 (DF) (ttl 64, id 0, len 359)
> 09:55:04.696183 134.102.176.52.46247 > 255.255.255.255.60001: [udp sum ok] udp 29 (DF) (ttl 64, id 0, len 57)
> 09:55:05.623102 134.102.176.85.33094 > 255.255.255.255.60001: [udp sum ok] udp 29 (DF) (ttl 64, id 0, len 57)
> 09:55:05.623302 134.102.176.24.56807 > 255.255.255.255.60001: [udp sum ok] udp 29 (DF) (ttl 64, id 0, len 57)
> 09:55:06.627005 134.102.176.24.56807 > 255.255.255.255.60001: [udp sum ok] udp 29 (DF) (ttl 64, id 0, len 57)
> 09:55:07.627214 134.102.176.24.56807 > 255.255.255.255.60001: [udp sum ok] udp 29 (DF) (ttl 64, id 0, len 57)
>
> Hosts on other subnets do not see the packets, neither do I see
> them on pflog0, so it seems the packet filter is not to blame.
> Do I have to enable broadcasts explicitly? I could not find
> anything in the manpages, and googling for "routing broadcasts" or
> similar yields only pages dealing with routing protocols.
> Thanks for any help!
> -Heinrich

Broadcasts can't be routed - it's a violation of the Internet
Protocol and so it's the OpenBSD IP stack which is dropping your
packets, not pf(4). I guess if you absolutely need to route broadcast
packets one option is to use NAT in pf.conf(5), e.g. (not tested)

    nat on vlan0 inet proto udp from 134.102.176.0/24 to 255.255.255.255 port 60001 -> aaa.bbb.ccc.255

where aaa.bbb.ccc.255 is the broadcast address of your other subnet
(assuming it's a /24).
I've previously used a similar configuration to route NETBIOS Name
Service broadcasts to/from MS Windows clients on different subnets,
so I see no reason you can't do the same. Please accept my apologies
if the syntax is incorrect, I'm sure brighter sparks on this list
will correct me!
best wishes,
Damon
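
An added example, not part of the original thread: it parses tcpdump lines in the format quoted above, tells limited broadcasts (255.255.255.255) from directed broadcasts and unicast, and computes the destination the quoted rule is meant to produce. The subnet 192.0.2.0/24 is an assumed stand-in for aaa.bbb.ccc.0/24, the sample lines are constructed, and all function names are this example's own.

```python
import ipaddress
import re

LIMITED = ipaddress.IPv4Address("255.255.255.255")
SRC_NET = ipaddress.ip_network("134.102.176.0/24")  # source subnet named in the rule
DST_NET = ipaddress.ip_network("192.0.2.0/24")      # assumed stand-in for aaa.bbb.ccc.0/24
PORT = 60001

# Constructed sample in the tcpdump -n format quoted in the thread.
SAMPLE = """\
tcpdump: listening on vlan0, link-type EN10MB
09:55:04.622293 134.102.176.85.33094 > 255.255.255.255.60001: udp 331 (DF) (ttl 64, id 0, len 359)
09:55:04.696183 134.102.176.52.46247 > 192.0.2.255.60001: [udp sum ok] udp 29 (DF) (ttl 64, id 0, len 57)
09:55:05.623102 134.102.176.85.33094 > 192.0.2.17.60001: [udp sum ok] udp 29 (DF) (ttl 64, id 0, len 57)
09:55:05.623302 134.102.176.24.137 > 255.255.255.255.137: udp 50 (ttl 64, id 0, len 78)
"""
LINE = re.compile(r"^\S+ (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ")

def parse(line):
    """Return (src, sport, dst, dport) for one packet line, or None for other lines."""
    m = LINE.match(line)
    if m is None:
        return None
    src, sport, dst, dport = m.groups()
    return ipaddress.IPv4Address(src), int(sport), ipaddress.IPv4Address(dst), int(dport)

def classify(dst, subnets):
    """'limited', 'directed' (broadcast address of a known subnet) or 'unicast'."""
    if dst == LIMITED:
        return "limited"
    for net in subnets:
        # /31 and /32 networks have no broadcast address.
        if net.prefixlen < 31 and dst == net.broadcast_address:
            return "directed"
    return "unicast"

def rewrite_target(src, dst, dport):
    """Destination the rule is meant to produce, or None if the packet does not match."""
    if src in SRC_NET and dst == LIMITED and dport == PORT:
        return DST_NET.broadcast_address
    return None

def report(text):
    """One (destination, kind, rewritten destination or None) row per packet line."""
    rows = []
    for line in text.splitlines():
        pkt = parse(line)
        if pkt is not None:
            src, _, dst, dport = pkt
            new = rewrite_target(src, dst, dport)
            rows.append((str(dst), classify(dst, [SRC_NET, DST_NET]),
                         None if new is None else str(new)))
    return rows
```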