On Fri, 2003-07-04 at 11:05, Jason Dixon wrote:
> I'm trying to pass SMB traffic across an internal bridge, but my OpenBSD
> 3.3 gateway isn't NAT'g the broadcast traffic. I have an internal
> network comprised of a wireless Tablet PC, a Linux/Samba fileserver, and
> some inconsequential client workstations.
>
> The Tablet is using a VPN tunnel (SSH Sentinel) to pass all wireless
> traffic via IPsec to the OpenBSD/PF gateway. The gateway bridges wi0 to
> ne3, which is the default gateway for all traffic on 192.168.0.0/24.
> The idea is to encrypt all traffic from the Tablet to the gateway a)
> outbound to the internet, and b) bounced inbound to the Linux server.
>
> I've added the following NAT rule, which successfully bounces traffic
> from the Tablet to the Linux server:
>
>   nat on $int_if from $int_net to $int_net -> ($int_if)
>
> (Note: The reason for this, rather than a host-to-host tunnel, is that
> Sentinel keeps sending host-to-host traffic out the default tunnel.
> Rather than continue to fight it, I'm going to work with it.)
>
> I've tested all manner of normal traffic, and everything works great. I
> can ping, ssh, even browse SMB *explicitly* by IP address. However, if
> I try to use typical SMB/NMB browsing, the gateway refuses to forward
> packets destined for 192.168.0.255. Is this a feature/bug of OpenBSD,
> or am I forgetting some simple truth regarding IP networking?
Turns out I have to explicitly pass broadcast traffic. To sum it up, the
three entries that affect this task:

  nat on $int_if from $int_net to $int_net -> ($int_if)
  pass in on $int_if from $int_net to $int_net keep state
  pass in on $int_if from $int_net to $int_if:broadcast keep state

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
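For readers who want to drop the three rules above into a ruleset, here is a minimal pf.conf fragment with the macros filled in. This is an added example, not the poster's actual configuration: the interface name ne3 and the network 192.168.0.0/24 come from the thread, while the external interface name xl0 and the default-block policy are assumptions.

```pf
# Added example: minimal pf.conf built around the three rules from the thread.
# ne3 and 192.168.0.0/24 are taken from the post; xl0 is an assumed name for
# the internet-facing interface, which the post does not identify.
ext_if  = "xl0"
int_if  = "ne3"              # wired side of the wi0/ne3 bridge, default gateway for the LAN
int_net = "192.168.0.0/24"

# Traffic coming out of the Tablet's IPsec tunnel and going to another host on
# the same LAN is bounced back out $int_if with the gateway's own address as
# source, so replies come back through the gateway and into the tunnel.
nat on $int_if from $int_net to $int_net -> ($int_if)

# Assumed default policy: deny everything the rules below do not allow.
block in all
block out all

# Unicast traffic between internal hosts (this also passes the unicast replies
# that hosts send back to a broadcasting client).
pass in  on $int_if from $int_net to $int_net keep state

# Broadcast traffic (NetBIOS name service, browse announcements, etc.).
# $int_if:broadcast expands to the broadcast address of ne3, i.e. 192.168.0.255
# for the network above.
pass in  on $int_if from $int_net to $int_if:broadcast keep state

# Outbound traffic from the LAN to the internet (assumed; not discussed in the post).
pass out on $ext_if from $int_net to any keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and use `pfctl -sr` afterwards to see the rules with the macros expanded, which confirms what `$int_if:broadcast` resolved to. One caveat worth knowing about the `keep state` on the broadcast rule: pf keys a state on the source and destination addresses of the packet that created it, so a name-service reply arriving unicast from some other host does not match the state created by the query to 192.168.0.255. That reply is passed by the preceding `$int_net to $int_net` rule, so keep both rules even if the broadcast one seems to cover the interesting traffic.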
