Re: 4.6: Troubles with forwarding between vlan interfaces

Thu, 29 Oct 2009 14:45:20 -0700 

I apologise. My mistake - misconfiguration of host in local network.

On Thu, Oct 29, 2009 at 10:39:43PM +0200, Alexander Shikoff wrote:
> Hello,
> 
> I'm trying to setup a router on OpenBSD 4.6 (amd64). I have only one
> physical port on it, so I've decided to use 802.1Q VLANs: vlan2 is used
> to connect to ISP, vlan663 - LAN.
> 
> Here a configuration of interfaces:
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:e0:81:b1:8d:d7
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet6 fe80::2e0:81ff:feb1:8dd7%em0 prefixlen 64 scopeid 0x1
> 
> vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:e0:81:b1:8d:d7
>         priority: 0
>         vlan: 2 priority: 0 parent interface: em0
>         groups: vlan egress
>         inet6 fe80::2e0:81ff:feb1:8dd7%vlan2 prefixlen 64 scopeid 0x5
>         inet x.x.x.226 netmask 0xfffffffc broadcast x.x.x.227
> 
> vlan663: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:e0:81:b1:8d:d7
>         priority: 0
>         vlan: 663 priority: 0 parent interface: em0
>         groups: vlan
>         inet6 fe80::2e0:81ff:feb1:8dd7%vlan663 prefixlen 64 scopeid 0x6
>         inet y.y.y.161 netmask 0xffffffe0 broadcast y.y.y.191
> 
> x.x.x.224/30 - Interconnect with my ISP
> y.y.y.160/27 - My LAN
> 
> I can ping from internet both IPs x.x.x.226 and y.y.y.161, but
> cannot ping IP from LAN y.y.y.162. It looks strange because I can ping it
> from my box and net.inet.ip.forwarding is set to 1:
> 
> # arp -an
> ? (y.y.y.162) at 00:13:02:51:3a:43 on vlan663
> ? (x.x.x.225) at 00:21:59:1b:18:80 on vlan2
> 
> # ping y.y.y.162
> PING y.y.y.162 (y.y.y.162): 56 data bytes
> 64 bytes from y.y.y.162: icmp_seq=0 ttl=64 time=6.798 ms
> 64 bytes from y.y.y.162: icmp_seq=1 ttl=64 time=3.588 ms
> --- y.y.y.162 ping statistics ---
> 2 packets transmitted, 2 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 3.588/5.193/6.798/1.605 ms
> 
> # sysctl net.inet.ip.forwarding
> net.inet.ip.forwarding=1
> 
> pf is enabled and passes all traffic:
> # pfctl -sr                                                                   
>                                                                               
>            
> pass all flags S/SA keep state
> 
> 
> Any help will be kindly appreciated! Thanks.
> 
> -- 
> MINO-RIPE
> 

-- 
MINO-RIPE

Reply via email to