Re: Static Ip's: Routing and Fowarding
On Apr 18, 2007, at 3:11 PM, BradenM - Sonoma Computer wrote:
> Do you mean the gateway address supplied by my ISP?

Yes.

Bryan
Re: Static Ip's: Routing and Fowarding
On Apr 18, 2007, at 3:57 PM, Bray Mailloux wrote:
> And the default route in my table shows 64.142.102.1 which is also the
> gateway address supplied by my isp.

OK. That sounds correct. Can you post your dhcpd.conf again?

Bryan
Re: Static Ip's: Routing and Fowarding
On Apr 18, 2007, at 5:31 PM, Bray Mailloux wrote:
> shared-network LOCAL-NET{
>     option domain-name theamericanbray.com;
>     option domain-name-servers 208.204.224.11, 208.204.224.33
>     subnet 192.168.0.0 netmask 255.255.255.0 {
>         options routers 192.168.0.1;
>         range 192.168.0.14 192.168.0.23;
>     }
> }

On the third line, you need a semicolon after the second DNS server. I would typically do this whole thing in a subnet declaration that is at the root of the file. Take out the shared-network statement and the last closing brace. See if that makes a difference. After you do that, run the following commands:

    pkill dhcpd
    /usr/sbin/dhcpd
    tail -f /var/log/daemon

Look for any errors with the last command.

Bryan
Re: Static Ip's: Routing and Fowarding
On Wed, 18 Apr 2007 17:40:49 -0700, Bryan Vyhmeister wrote:
> On Apr 18, 2007, at 5:31 PM, Bray Mailloux wrote:
> > shared-network LOCAL-NET{
> >     option domain-name theamericanbray.com;
> >     option domain-name-servers 208.204.224.11, 208.204.224.33
> >     subnet 192.168.0.0 netmask 255.255.255.0 {
> >         options routers 192.168.0.1;
> >         range 192.168.0.14 192.168.0.23;
> >     }
> > }
>
> On the third line, you need a semicolon after the second DNS server. I
> would typically do this whole thing in a subnet declaration that is at
> the root of the file. Take out the shared-network statement and the last
> closing brace. See if that makes a difference. After you do that, run
> the following commands:
>
>     pkill dhcpd
>     /usr/sbin/dhcpd
>     tail -f /var/log/daemon
>
> Look for any errors with the last command.

You have pulled one of my tricks - writing a quick helpful reply and forgetting something you never would when doing it at the console of your own machine. dhcpd needs to be told what interface(s) to listen on.

R/

From the land down under: Australia.
Do we look umop apisdn from up over?
Re: Static Ip's: Routing and Fowarding
On Apr 18, 2007, at 10:01 AM, BradenM - Sonoma Computer wrote:
> Yes, ip forwarding is enabled in the sysctl.conf file. I did have an
> alias on rl0 but removed it to try and simplify my nat process. I've
> heard the term binat thrown around, could that possibly aid my project?

No, binat is not what you need. You can read about all the NAT stuff at:

http://www.openbsd.org/faq/pf/nat.html

Can you ping the address of rl1 from workstations on the LAN? Also, did you correct the netmask in dhcpd.conf?

Bryan
Re: Static Ip's: Routing and Fowarding
On Apr 18, 2007, at 12:59 PM, BradenM - Sonoma Computer wrote:
> I just read an article on dhcp-dns which updates the tinydns data file
> each time a new computer comes online using dynamic host control. I do
> plan on having my own in house DNS server but it currently is not
> implemented. Could this be why I'm having so much trouble?

No, I don't think that is it. You have DNS servers listed in your dhcpd.conf file but I just looked back at your routing table. You have no default route set. Is that still the case? You need to add the gateway address to /etc/mygate and then reboot or alternately add it using route(8).

Bryan
Static Ip's: Routing and Fowarding
I have one static ip address which is assigned to one of my ethernet cards, specifically rl0. Ip forwarding is turned on and dhcp is active and listening on another ethernet card, specifically rl1. Route and routed man pages have offered some tidbits of information but not enough to answer my troubleshooting questions. For example, dhcp is distributing addresses and internal network computers are receiving the dynamic address but cannot resolve any name servers or an internet connection. Now, I'm new to setting up networks and OpenBSD but feel like this is as good an opportunity to learn the system from the ground up. Here is some system information to guide anyone along.

rl0 = 64.142.102.8
rl1 = 192.168.0.1
workgroup client #1 = dynamic 192.168.1.20

dhcpd.conf

    shared-network LOCAL-NET {
        option domain-name theamericanbray.com;
        option domain-name-servers 208.204.224.11, 208.204.224.33;
        subnet 192.168.0.0 netmask 255.255.0.0 {
            option routers 192.168.0.1;
            range 192.168.0.14 192.168.0.23;
        }
    }

Routing Table

    Internet:
    Destination     Gateway             Flags  Refs  Use  Mtu    Interface
    64.142.102/24   link#1              UC     1     0    -      rl0
    allen           00:50:bf:3a:2e:66   UHLc   1     0    -      lo0
    localhost       localhost           UH     0     0    33224  lo0
    192.168.0/24    link#2              UC     1     0    -      rl1
    192.168.0.1     allen               UGHS   0     0    -      rl0
    192.168.0.20    00:0d:61:03:8f:f6   UHLc   0     20   -      rl1

To recap, my workgroup clients using dynamic addressing cannot use the internet.

Please and Thank You

PS. I want ipv6 turned off and if anyone has a link to using IPsec on OpenBSD in the form of some tutorial would be just dynamite. Explosive, ya know? Potentially dangerous. Red. Bang.

Bye, Love, Bray.
Re: Static Ip's: Routing and Fowarding
On Apr 16, 2007, at 10:54 PM, Bray Mailloux wrote:
> I have one static ip address which is assigned to one of my ethernet
> cards, specifically rl0. Ip forwarding is turned on and dhcp is active
> and listening on another ethernet card, specifically rl1. Route and
> routed man pages have offered some tidbits of information but not enough
> to answer my troubleshooting questions. For example, dhcp is
> distributing addresses and internal network computers are receiving the
> dynamic address but cannot resolve any name servers or an internet
> connection. Now, I'm new to setting up networks and OpenBSD but feel
> like this is as good an opportunity to learn the system from the ground
> up. Here is some system information to guide anyone along.
>
> rl0 = 64.142.102.8
> rl1 = 192.168.0.1
> workgroup client #1 = dynamic 192.168.1.20
>
> dhcpd.conf
>
> shared-network LOCAL-NET {
>     option domain-name theamericanbray.com;
>     option domain-name-servers 208.204.224.11, 208.204.224.33;
>     subnet 192.168.0.0 netmask 255.255.0.0 {
>         option routers 192.168.0.1;

Are you sure you want 255.255.0.0 as your netmask? It should be 255.255.255.0. This could be the problem.

>         range 192.168.0.14 192.168.0.23;
>     }
> }
>
> Routing Table
>
> Internet:
> Destination     Gateway             Flags  Refs  Use  Mtu    Interface
> 64.142.102/24   link#1              UC     1     0    -      rl0
> allen           00:50:bf:3a:2e:66   UHLc   1     0    -      lo0
> localhost       localhost           UH     0     0    33224  lo0
> 192.168.0/24    link#2              UC     1     0    -      rl1
> 192.168.0.1     allen               UGHS   0     0    -      rl0
> 192.168.0.20    00:0d:61:03:8f:f6   UHLc   0     20   -      rl1
>
> To recap, my workgroup clients using dynamic addressing cannot use the
> internet.
>
> Please and Thank You
>
> PS. I want ipv6 turned off and if anyone has a link to using IPsec on
> OpenBSD in the form of some tutorial would be just dynamite. Explosive,
> ya know? Potentially dangerous. Red. Bang.

    man ipsec
    man ipsec.conf

That should get you started.

Presumably other clients work fine? You don't mention anything about nat. Is nat set up correctly in pf.conf?

Bryan
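A pre-flight check for the two dhcpd.conf mistakes raised in this thread (the missing semicolon and the netmask that does not match rl1), given here as an added example that is not part of any poster's message. The function name `check_dhcpd_conf`, the regex-based parsing, and the assumption that rl1 is configured as 192.168.0.1/24 are illustrative; the sample text is constructed from the configs posted above.

```python
import ipaddress
import re

def check_dhcpd_conf(conf_text, iface_cidr):
    """Return a list of problems; iface_cidr is the interface dhcpd serves."""
    iface_net = ipaddress.ip_interface(iface_cidr).network
    problems = []
    # An option/range statement that reaches end of line without ';'.
    for m in re.finditer(r"^\s*((?:option|range)\b[^;{}\n]*)$", conf_text, re.M):
        problems.append(f"missing ';' after: {m.group(1).strip()}")
    subnet_re = r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}"
    for m in re.finditer(subnet_re, conf_text):
        declared = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        if declared != iface_net:
            problems.append(f"subnet {declared} != interface network {iface_net}")
        # The router and the lease pool must sit on the interface's network.
        for line in m.group(3).splitlines():
            if re.match(r"\s*(option\s+routers|range)\b", line):
                for addr in re.findall(r"\d+\.\d+\.\d+\.\d+", line):
                    if ipaddress.ip_address(addr) not in iface_net:
                        problems.append(f"{addr} is outside {iface_net}")
    return problems

# Constructed sample: both defects from the thread in one file.
BROKEN_CONF = """\
option domain-name theamericanbray.com;
option domain-name-servers 208.204.224.11, 208.204.224.33
subnet 192.168.0.0 netmask 255.255.0.0 {
    option routers 192.168.0.1;
    range 192.168.0.14 192.168.0.23;
}
"""
# Constructed sample: semicolon added, netmask matching rl1 (assumed /24).
FIXED_CONF = BROKEN_CONF.replace("224.33\n", "224.33;\n").replace(
    "255.255.0.0", "255.255.255.0")

if __name__ == "__main__":
    for problem in check_dhcpd_conf(BROKEN_CONF, "192.168.0.1/24"):
        print(problem)
```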
Re: Static Ip's: Routing and Fowarding
On Apr 17, 2007, at 8:30 AM, Bray Mailloux wrote:
> Shouldn't the internet connection be passed around to other hosts on the
> network without the use of nat and pf? Ip forwarding is on, isn't that
> enough? I'm just trying to get the internet connection out to other
> computers, filtering comes afterwards.

No. You can't do that without using all publicly routable IP addresses (no 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8). NAT is Network Address Translation and has nothing to do with filtering. Basically nat takes connections from 192.168.0.0/24 (your internal network) and sends them out as if they were actually coming from 64.142.102.8 and then keeps track so that when data comes back from other places, it actually keeps track of who asked for what and then puts the internal IP address back in the destination. The PF FAQ has an excellent explanation of how NAT works in more detail:

http://www.openbsd.org/faq/pf/nat.html

In any case, you have to use NAT in the scenario. There are some examples in pf.conf that you can use but the basic idea is: set ext_if=rl0 and int_if=rl1 at the top of pf.conf and then use the following nat statement near the examples:

    nat on $ext_if from ($int_if) -> ($ext_if:0)

This is basically saying translate at the external interface (rl0) for anything coming from addresses on the internal interface (rl1) and use the external interface public IP address. Add those changes to pf.conf and then run these commands:

    pfctl -f /etc/pf.conf
    pfctl -e

Don't forget to fix the netmask typo in dhcpd.conf and then you should be off and running. Sorry if the explanation was too basic and you already understand most of this. In any case, I hope this answers the question.

Bryan
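The bookkeeping described in the message above (rewrite the source on the way out, remember who asked, restore the internal address on the reply), modelled as an added example that is not part of the original post and is not pf's implementation. The class name `SourceNat`, the port numbers and the flows are constructed; the addresses are the ones used in this thread.

```python
import ipaddress

class SourceNat:
    """Toy source NAT with a state table, using the thread's addresses."""

    def __init__(self, inside_net, public_ip, first_port=50001):
        self.inside = ipaddress.ip_network(inside_net)
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (proto, src_ip, src_port, dst_ip, dst_port) -> public port
        self.back = {}  # (proto, public_port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the external interface, or None if unmatched."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            return None  # source is not on the internal network: no translation
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            # New flow: pick a fresh public port so two clients using the
            # same source port stay distinguishable on the way back.
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Map a reply arriving at public_ip:dst_port back to the internal host."""
        return self.back.get((proto, dst_port, src_ip, src_port))

if __name__ == "__main__":
    nat = SourceNat("192.168.0.0/24", "64.142.102.8")
    # Two LAN clients query the same DNS server from the same source port.
    print(nat.outbound("udp", "192.168.0.20", 40000, "208.204.224.11", 53))
    print(nat.outbound("udp", "192.168.0.21", 40000, "208.204.224.11", 53))
    # The reply to the second query is restored to 192.168.0.21:40000.
    print(nat.inbound("udp", "208.204.224.11", 53, 50002))
    # A packet with no matching state has nowhere to go.
    print(nat.inbound("udp", "208.204.224.11", 53, 50999))
```

A source outside 192.168.0.0/24, such as the 192.168.1.20 client address listed in the first post, is not matched by the translation in this model.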
Re: Static Ip's: Routing and Fowarding
- Original Message -
From: Bryan Vyhmeister [EMAIL PROTECTED]
To: Bray Mailloux [EMAIL PROTECTED]
Cc: misc@openbsd.org
Sent: Tuesday, April 17, 2007 9:08 AM
Subject: Re: Static Ip's: Routing and Fowarding

> On Apr 17, 2007, at 8:30 AM, Bray Mailloux wrote:
> > Shouldn't the internet connection be passed around to other hosts on
> > the network without the use of nat and pf? Ip forwarding is on, isn't
> > that enough? I'm just trying to get the internet connection out to
> > other computers, filtering comes afterwards.
>
> No. You can't do that without using all publicly routable IP addresses
> (no 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8). NAT is Network
> Address Translation and has nothing to do with filtering. Basically nat
> takes connections from 192.168.0.0/24 (your internal network) and sends
> them out as if they were actually coming from 64.142.102.8 and then
> keeps track so that when data comes back from other places, it actually
> keeps track of who asked for what and then puts the internal IP address
> back in the destination. The PF FAQ has an excellent explanation of how
> NAT works in more detail:
>
> http://www.openbsd.org/faq/pf/nat.html
>
> In any case, you have to use NAT in the scenario. There are some
> examples in pf.conf that you can use but the basic idea is: set
> ext_if=rl0 and int_if=rl1 at the top of pf.conf and then use the
> following nat statement near the examples:
>
>     nat on $ext_if from ($int_if) -> ($ext_if:0)
>
> This is basically saying translate at the external interface (rl0) for
> anything coming from addresses on the internal interface (rl1) and use
> the external interface public IP address. Add those changes to pf.conf
> and then run these commands:
>
>     pfctl -f /etc/pf.conf
>     pfctl -e
>
> Don't forget to fix the netmask typo in dhcpd.conf and then you should
> be off and running. Sorry if the explanation was too basic and you
> already understand most of this. In any case, I hope this answers the
> question.
>
> Bryan

Thank you for your help.
Re: Static Ip's: Routing and Fowarding
BradenM - Sonoma Computer wrote:
> - Original Message -
> From: Bryan Vyhmeister [EMAIL PROTECTED]
> To: Bray Mailloux [EMAIL PROTECTED]
> Cc: misc@openbsd.org
> Sent: Tuesday, April 17, 2007 9:08 AM
> Subject: Re: Static Ip's: Routing and Fowarding
>
> > On Apr 17, 2007, at 8:30 AM, Bray Mailloux wrote:
> > > Shouldn't the internet connection be passed around to other hosts on
> > > the network without the use of nat and pf? Ip forwarding is on,
> > > isn't that enough? I'm just trying to get the internet connection
> > > out to other computers, filtering comes afterwards.
> >
> > No. You can't do that without using all publicly routable IP addresses
> > (no 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8). NAT is Network
> > Address Translation and has nothing to do with filtering. Basically
> > nat takes connections from 192.168.0.0/24 (your internal network) and
> > sends them out as if they were actually coming from 64.142.102.8 and
> > then keeps track so that when data comes back from other places, it
> > actually keeps track of who asked for what and then puts the internal
> > IP address back in the destination. The PF FAQ has an excellent
> > explanation of how NAT works in more detail:
> >
> > http://www.openbsd.org/faq/pf/nat.html
> >
> > In any case, you have to use NAT in the scenario. There are some
> > examples in pf.conf that you can use but the basic idea is: set
> > ext_if=rl0 and int_if=rl1 at the top of pf.conf and then use the
> > following nat statement near the examples:
> >
> >     nat on $ext_if from ($int_if) -> ($ext_if:0)
> >
> > This is basically saying translate at the external interface (rl0) for
> > anything coming from addresses on the internal interface (rl1) and use
> > the external interface public IP address. Add those changes to pf.conf
> > and then run these commands:
> >
> >     pfctl -f /etc/pf.conf
> >     pfctl -e
> >
> > Don't forget to fix the netmask typo in dhcpd.conf and then you should
> > be off and running. Sorry if the explanation was too basic and you
> > already understand most of this. In any case, I hope this answers the
> > question.
> >
> > Bryan
>
> Thank you for your help.

OK, I've tried your nat rule and am using a completely open pass rule to allow in all traffic but cannot ping the internet. Any other ideas? What are some troubleshooting techniques I could try?
Re: Static Ip's: Routing and Fowarding
On Apr 17, 2007, at 7:20 PM, Bray Mailloux wrote:
> OK, I've tried your nat rule and am using a completely open pass rule to
> allow in all traffic but cannot ping the internet. Any other ideas? What
> are some troubleshooting techniques I could try?

Do you have 'pass out' in your pf.conf?

Bryan
Re: Static Ip's: Routing and Fowarding
On Apr 17, 2007, at 7:20 PM, Bray Mailloux wrote:
> OK, I've tried your nat rule and am using a completely open pass rule to
> allow in all traffic but cannot ping the internet. Any other ideas? What
> are some troubleshooting techniques I could try?

Actually, the rule should be 'pass out keep state' unless you are running 4.1, in which case that is the default.

Bryan