Hello,
I'm trying to set up a router on OpenBSD 4.6 (amd64). I have only one
physical port on it, so I've decided to use 802.1Q VLANs: vlan2 is used
to connect to the ISP, vlan663 - LAN.
Here is the configuration of the interfaces:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:e0:81:b1:8d:d7
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::2e0:81ff:feb1:8dd7%em0 prefixlen 64 scopeid 0x1
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:e0:81:b1:8d:d7
        priority: 0
        vlan: 2 priority: 0 parent interface: em0
        groups: vlan egress
        inet6 fe80::2e0:81ff:feb1:8dd7%vlan2 prefixlen 64 scopeid 0x5
        inet x.x.x.226 netmask 0xfffffffc broadcast x.x.x.227
vlan663: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:e0:81:b1:8d:d7
        priority: 0
        vlan: 663 priority: 0 parent interface: em0
        groups: vlan
        inet6 fe80::2e0:81ff:feb1:8dd7%vlan663 prefixlen 64 scopeid 0x6
        inet y.y.y.161 netmask 0xffffffe0 broadcast y.y.y.191
x.x.x.224/30 - Interconnect with my ISP
y.y.y.160/27 - My LAN
I can ping both IPs x.x.x.226 and y.y.y.161 from the internet, but
cannot ping the LAN IP y.y.y.162. It looks strange because I can ping it
from my box and net.inet.ip.forwarding is set to 1:
# arp -an
? (y.y.y.162) at 00:13:02:51:3a:43 on vlan663
? (x.x.x.225) at 00:21:59:1b:18:80 on vlan2
# ping y.y.y.162
PING y.y.y.162 (y.y.y.162): 56 data bytes
64 bytes from y.y.y.162: icmp_seq=0 ttl=64 time=6.798 ms
64 bytes from y.y.y.162: icmp_seq=1 ttl=64 time=3.588 ms
--- y.y.y.162 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.588/5.193/6.798/1.605 ms
# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1
pf is enabled and passes all traffic:
# pfctl -sr
pass all flags S/SA keep state
Any help will be kindly appreciated! Thanks.
--
MINO-RIPE