Re: Routine network config. gone wrong

2014-04-21 Thread Tomáš Bodžár
Well, you wasted the time of a lot of people by stripping out important
info just because you thought that it is not important.

A link to a picture of those outputs somewhere on the Internet is a zillion
times better than trying to explain in a number of emails why you think the
opposite.

And why? Because of No carrier on your network interfaces and a
possible issue with a file system which was not properly unmounted. Yes,
it may mean as well that your upstream device is strange; any details
about type, config, firmware updates available?

Regarding Linux vs BSD political differences: there's nothing like
that. There are quality differences and from that point of view Linux is
seriously behind in progress.

And take it easy, we want to help, just in the most efficient way :)

From: Lubo Diakov
Sent: 20. 4. 2014 23:08
To: OpenBSD-misc list
Subject: Re: Routine network config. gone wrong

Tomas,

I realize the output I sent was partial, but think about it from my
point of view. I'm not able to network the system, so SSH is
impossible. Am I supposed to send digital pictures as attachments?
IMHO an absurd waste of both your time and mine, not to mention wasted
bandwidth. I wrote in text form the information that I thought would
be most helpful. Now that I've managed to transfer the text output
with a USB flash disk (transferring files this way is another odyssey,
I hope someday soon Linux and BSD get over their silly political
differences, but I digress), I'll send it in its entirety. I'd be the
first to admit I may have misconfigured this due to my inexperience,
but since I have done similar configurations with (Classic, OS 9)
Macs, Mac OS X (since before the public betas, developers previews and
so on), Windows XP, Vista, 7, Linux (mainly Ubuntu, but also some
OpenSuse and Redhat variants), I may be unfamiliar with OpenBSD, but
TCP/IP in general is NOT new to me.

I think Giancarlo (next reply after you) may be onto something. That
the ISP's upstream router may be configured well enough for the
unwashed Mac/Windows/even Linux masses, but refuses to work with
OpenBSD. I saw in the OpenBSD console that their router was trying to
send arp packets to OpenBSD, which were rejected (not conforming to
any RFC) or blocked (by pf). I do not have the text of that, but I
will try to reproduce it.

In any case, here I attach the text output from OpenBSD:

Re: Routine network config. gone wrong

2014-04-20 Thread Lubo Diakov
Tomas,

I realize the output I sent was partial, but think about it from my
point of view. I'm not able to network the system, so SSH is
impossible. Am I supposed to send digital pictures as attachments?
IMHO an absurd waste of both your time and mine, not to mention wasted
bandwidth. I wrote in text form the information that I thought would
be most helpful. Now that I've managed to transfer the text output
with a USB flash disk (transferring files this way is another odyssey,
I hope someday soon Linux and BSD get over their silly political
differences, but I digress), I'll send it in its entirety. I'd be the
first to admit I may have misconfigured this due to my inexperience,
but since I have done similar configurations with (Classic, OS 9)
Macs, Mac OS X (since before the public betas, developers previews and
so on), Windows XP, Vista, 7, Linux (mainly Ubuntu, but also some
OpenSuse and Redhat variants), I may be unfamiliar with OpenBSD, but
TCP/IP in general is NOT new to me.

I think Giancarlo (next reply after you) may be onto something. That
the ISP's upstream router may be configured well enough for the
unwashed Mac/Windows/even Linux masses, but refuses to work with
OpenBSD. I saw in the OpenBSD console that their router was trying to
send arp packets to OpenBSD, which were rejected (not conforming to
any RFC) or blocked (by pf). I do not have the text of that, but I
will try to reproduce it.

In any case, here I attach the text output from OpenBSD:
OpenBSD 5.4 (GENERIC) #37: Tue Jul 30 12:05:01 MDT 2013
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 669 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,SSE,PERF
real mem  = 266858496 (254MB)
avail mem = 251047936 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/29/02, BIOS32 rev. 0 @ 0xfb140, SMBIOS rev. 2.2 @ 0xf0800 (35 entries)
bios0: vendor Award Software International, Inc. version 6.00 PG date 01/29/2002
bios0: Gigabyte Technology Co., Ltd. i815-ITE8712
apm0 at bios0: Power Management spec V1.2 (slowidle)
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0xb5c0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf00/128 (6 entries)
pcibios0: PCI Exclusive IRQs: 5 9 11
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xa000 0xcc000/0x7400
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82815 Host rev 0x02
vga1 at pci0 dev 2 function 0 Intel 82815 Video rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x400
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x02
pci1 at ppb0 bus 1
rl0 at pci1 dev 0 function 0 Realtek 8139 rev 0x10: irq 11, address 00:40:f4:44:07:56
rlphy0 at rl0 phy 0: RTL internal PHY
wi0 at pci1 dev 1 function 0 Intersil PRISM2.5 rev 0x01: irq 9
wi0: PRISM2.5 ISL3874A(Mini-PCI) (0x8013), Firmware 1.1.1 (primary), 1.7.4 (station), address 00:09:5b:41:33:d1
rl1 at pci1 dev 2 function 0 Realtek 8139 rev 0x10: irq 5, address 4c:00:10:3c:23:5c
rlphy1 at rl1 phy 0: RTL internal PHY
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x02: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Maxtor 2R015H1
wd0: 16-sector PIO, LBA, 14305MB, 29297520 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, CD-540E, 1.0A ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x02: irq 9
uhci1 at pci0 dev 31 function 4 Intel 82801BA USB rev 0x02: irq 9
auich0 at pci0 dev 31 function 5 Intel 82801BA AC97 rev 0x02: irq 9, ICH2 AC97
ac97: codec id 0x83847600 (SigmaTel STAC9700)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x2e/2: IT8712F rev 3, EC port 0x290
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 Intel UHCI root hub rev 

Re: Routine network config. gone wrong

2014-04-20 Thread Lubo Diakov
Giancarlo,

Is there a way for me to determine if the upstream ISP router is
misconfigured? nmap, wireshark, ???

I have no doubt it could be so, but they are not the friendliest
bunch, so before I say your equipment doesn't work right I would like
to have some proof. Suggestions on how to diagnose it is their
malfunction MOST WELCOME.



Re: Routine network config. gone wrong

2014-04-20 Thread Giancarlo Razzolini
On 20-04-2014 18:09, Lubo Diakov wrote:
 Giancarlo,

 Is there a way for me to determine if the upstream ISP router is
 misconfigured? nmap, wireshark, ???

 I have no doubt it could be so, but they are not the friendliest
 bunch, so before I say your equipment doesn't work right I would like
 to have some proof. Suggestions on how to diagnose it is their
 malfunction MOST WELCOME.

I looked at your ifconfig output, and all your interfaces were with status
no carrier. I don't know if your cables are connected, but even if the
interface is up, with no carrier, nothing will work. That being said, if
you're not getting a carrier it can be that the ethernet autoselect
didn't work, and you should manually put one in your hostname.if file.

You probably can't detect a misconfiguration using nmap or tcpdump. The
best bet would be to try and log in to your ISP's equipment, and take a
look at it. Specifically netmasks and routes. These things generally can
be misconfigured.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
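
The two checks suggested in the reply above (link status first, then netmasks and routes) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical and the ifconfig text is a constructed sample using documentation addresses, not the poster's output.

```python
import ipaddress
import re

# Constructed sample in OpenBSD ifconfig format; addresses are documentation
# ranges (RFC 5737) and private space, not values taken from the thread.
SAMPLE_IFCONFIG = """\
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tlladdr 00:00:5e:00:53:01
\tmedia: Ethernet autoselect (none)
\tstatus: no carrier
\tinet 192.168.6.6 netmask 0xffffff00 broadcast 192.168.6.255
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tlladdr 00:00:5e:00:53:02
\tmedia: Ethernet autoselect (100baseTX full-duplex)
\tstatus: active
\tinet 198.51.100.2 netmask 0xfffffffc broadcast 198.51.100.3
"""


def parse_ifconfig(text):
    """Return {ifname: {"up": bool, "status": str or None, "addrs": [IPv4Interface]}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\w+): flags=[0-9a-f]+(?:<([^>]*)>)?", line)
        if head:
            flags = (head.group(2) or "").split(",")
            cur = {"up": "UP" in flags, "status": None, "addrs": []}
            ifaces[head.group(1)] = cur
            continue
        if cur is None:
            continue
        status = re.match(r"^\s+status: (.+)$", line)
        if status:
            cur["status"] = status.group(1).strip()
        inet = re.match(r"^\s+inet (\S+) netmask (0x[0-9a-f]{8})", line)
        if inet:
            # ifconfig prints the mask in hex; convert it to dotted form.
            mask = ipaddress.IPv4Address(int(inet.group(2), 16))
            cur["addrs"].append(ipaddress.IPv4Interface(f"{inet.group(1)}/{mask}"))
    return ifaces


def check_gateway(ifconfig_text, gateway):
    """List reasons the default gateway cannot be reached from this host."""
    gw = ipaddress.IPv4Address(gateway)
    findings, on_link = [], []
    for name, info in parse_ifconfig(ifconfig_text).items():
        if info["addrs"] and info["status"] == "no carrier":
            findings.append(f"{name}: no carrier")
        if info["addrs"] and not info["up"]:
            findings.append(f"{name}: not up")
        for addr in info["addrs"]:
            if gw not in addr.network:
                continue
            on_link.append(name)
            if info["status"] == "no carrier":
                findings.append(f"gateway {gw} is on {name}, which has no carrier")
            net = addr.network
            if gw in (net.network_address, net.broadcast_address):
                findings.append(f"gateway {gw} is the network/broadcast address of {net}")
    if not on_link:
        findings.append(f"gateway {gw} is not inside any configured subnet")
    return findings


if __name__ == "__main__":
    for gw in ("198.51.100.1", "198.51.100.6"):
        print(gw, check_gateway(SAMPLE_IFCONFIG, gw) or "ok")
```

With the sample's /30 mask, 198.51.100.6 is reported as outside every configured subnet; changing the mask to 0xfffffff8 (/29) makes the same gateway on-link.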



Re: Routine network config. gone wrong

2014-04-19 Thread Tomas Bodzar
On Fri, Apr 18, 2014 at 4:16 PM, Lubo Diakov lubodia...@gmail.com wrote:

 Tomas,

 I included many of the outputs you mention. Since we're talking about
 a networking configuration, obviously doing something like ssh to copy
 the relevant information is not yet possible, so I looked at the
 screen of the OpenBSD system, and typed (in abbreviated form) the most
 relevant parts like ifconfig, resolv.conf and so on into this message
 (see my first post). I didn't copy the actual IP addresses, but unless
 I typed it in wrong on OpenBSD (possible, but unlikely given how many
 times I entered it), the addresses in question work on another system
 (the one this message is sent from). Nevertheless, I will run the
 commands you mention on OpenBSD and copy it by some other means, like
 a USB flash drive.



Well I can't see stuff like this in your email.

$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33136
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff00
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr MAC
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        inet6 IPv6%em0 prefixlen 64 scopeid 0x1
        inet IPv4 netmask 0xff00 broadcast IPv4
enc0: flags=0
        priority: 0
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
        priority: 0
        groups: pflog
$

$ ifconfig em0 media
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr MAC
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        supported media:
                media 10baseT
                media 10baseT mediaopt full-duplex
                media 100baseTX
                media 100baseTX mediaopt full-duplex
                media 1000baseT mediaopt full-duplex
                media 1000baseT
                media autoselect
        inet IPv4 netmask 0xff00 broadcast IPv4
$

You pasted just partial parts of those outputs. Which may not be enough
sometimes. You may have e.g. some weird characters left in /etc/resolv.conf
or whatever.



Re: Routine network config. gone wrong

2014-04-19 Thread Giancarlo Razzolini
On 18-04-2014 15:04, Lubo Diakov wrote:
 Routing tables

 Internet:
 Destination        Gateway            Flags  Refs      Use   Mtu  Prio Iface
 default            188.126.4.1        UGS       1     7188     -     8 rl1
 127/8              127.0.0.1          UGRS      0        0 33192     8 lo0
 127.0.0.1          127.0.0.1          UH        1        0 33192     4 lo0
 188.126.4/24       link#3             UC        2        0     -     4 rl1
 188.126.4.1        00:30:48:b8:c5:83  UHLc      1       72     -     4 rl1
 188.126.4.24       4c:00:10:3c:23:5c  UHLc      0        6     -     4 lo0
 192.168.6/24       link#1             UC        3        0     -     4 rl0
 192.168.6.6        00:40:f4:44:07:56  UHLc      0        6     -     4 lo0
 192.168.6.8        00:80:ad:00:7c:ca  UHLc      1       44     -     4 rl0
 192.168.6.9        00:80:ad:00:7c:ca  UHLc      0       70     -     4 rl0
 224/4              127.0.0.1          URS       0        0 33192     8 lo0

 Internet6:
 Destination                    Gateway            Flags  Refs      Use   Mtu  Prio Iface
 ::/104                         ::1                UGRS      0        0     -     8 lo0
 ::/96                          ::1                UGRS      0        0     -     8 lo0
 ::1                            ::1                UH       14        0 33192     4 lo0
 ::127.0.0.0/104                ::1                UGRS      0        0     -     8 lo0
 ::224.0.0.0/100                ::1                UGRS      0        0     -     8 lo0
 ::255.0.0.0/104                ::1                UGRS      0        0     -     8 lo0
 :::0.0.0.0/96                  ::1                UGRS      0        0     -     8 lo0
 2002::/24                      ::1                UGRS      0        0     -     8 lo0
 2002:7f00::/24                 ::1                UGRS      0        0     -     8 lo0
 2002:e000::/20                 ::1                UGRS      0        0     -     8 lo0
 2002:ff00::/24                 ::1                UGRS      0        0     -     8 lo0
 fe80::/10                      ::1                UGRS      0        0     -     8 lo0
 fe80::%rl0/64                  link#1             UC        0        0     -     4 rl0
 fe80::240:f4ff:fe44:756%rl0    00:40:f4:44:07:56  HL        0        0     -     4 lo0
 fe80::%rl1/64                  link#3             UC        0        0     -     4 rl1
 fe80::4e00:10ff:fe3c:235c%rl1  4c:00:10:3c:23:5c  HL        0        0     -     4 lo0
 fe80::%lo0/64                  fe80::1%lo0        U         0        0     -     4 lo0
 fe80::1%lo0                    link#5             UHL       0        0     -     4 lo0
 fec0::/10                      ::1                UGRS      0        0     -     8 lo0
 ff01::/16                      ::1                UGRS      0        0     -     8 lo0
 ff01::%rl0/32                  link#1             UC        0        0     -     4 rl0
 ff01::%rl1/32                  link#3             UC        0        0     -     4 rl1
 ff01::%lo0/32                  fe80::1%lo0        UC        0        0     -     4 lo0
 ff02::/16                      ::1                UGRS      0        0     -     8 lo0
 ff02::%rl0/32                  link#1             UC        0        0     -     4 rl0
 ff02::%rl1/32                  link#3             UC        0        0     -     4 rl1
 ff02::%lo0/32                  fe80::1%lo0        UC        0        0     -     4 lo0

 Is /etc/mygate the correct way to route on a system with two or more
 NICs (IP addresses) or is it better to put route add commands in each
 hostname file for the appropriate NIC? (i.e route traffic for the
 internet via rl1, and traffic for 192.168.whatever via rl0)

 Something else I had not noticed before, the ISP has BGPd running
 according to nmap under Ubuntu, which it occurred to me might explain a
 lot of this, though again, it isn't logical why it works on Ubuntu but
 not OpenBSD, but if I need for example a BGP client installed and
 configured that might sort it out. No such client or server installed
 under Ubuntu though, so that seems unlikely.

We still need dmesg, ifconfig and such. But I can tell you right now
that I had the same issue some years ago. A linux worked while an
OpenBSD didn't. Turned out, the ISP modem had its own configuration
wrong, where it should be a /29 it was a /30 if I'm not mistaken. On
linux it worked because their networking stack is lazy. On OpenBSD it
didn't, because if the netmask isn't right it will 

Re: Routine network config. gone wrong

2014-04-18 Thread Maurice McCarthy

On 2014-04-18 01:23, Lubo Diakov wrote:

I may be missing something very simple, so if anyone can offer some
help I'd be grateful.



Well I don't mean to sound dull but are the interfaces actually up?

ifconfig rl0 up

A Rolls-Royce engineer I once met went from the UK to Australia to cure 
heavy vibration in an industrial gas turbine (jet engine). Mechanics, 
vibration experts and engineers from many levels had failed to diagnose 
the cause. The machine was _not_ bolted to the base plate. He was told to 
find another reason before he left. So I like to ask myself, Is it 
plugged in? Is it switched on?


Regards
Moss



Re: Routine network config. gone wrong

2014-04-18 Thread Tomas Bodzar
On Fri, Apr 18, 2014 at 2:23 AM, Lubo Diakov lubodia...@gmail.com wrote:

 I may be missing something very simple, so if anyone can offer some
 help I'd be grateful.

 I want to set up a i386 OpenBSD system (using 5.4, but can try current
 5.5 if that would help) to act a gateway/firewall. 3 network
 interfaces, 2 wired, one wifi (ignoring wifi ATM, want to get wired
 working, then deal with wifi later).

 ifconfig rl0: (static WAN IP, routable when used with another system)
 inet w.x.y.z 255.255.255.0

 ifconfig rl1: (static LAN IP)
 inet 192.168.y.z 255.255.255.0

 resolv.conf (2 known working IP addresses for nameservers, again
 working in other OS)

 /etc/mygate (IP address of ISP gateway used on other OS for same
 connection, known working, have also tried route add default
 ISP.gateway manually)

 ping, traceroute, etc. to IP address of gateway fail, I suspect even
 the default pf rules may block this, but how to confirm/or rule out?
 (perhaps pfctl -d?)

 what should route show -inet or netstat -rn look like if configured
 properly?
 the first line of route show -inet reads (right after booting):
 dest.    gateway      flags
 default  ISP gateway  GS

 net.inet.ip.forwarding=1 (to forward between WAN and LAN) in sysctl.conf
 --
 Любомир Гаврилов Дяков
 email:
 lubodia...@gmail.com



We are missing a lot of outputs to help you. Like ifconfig, netstat -rn,
dmesg, cat /etc/resolv.conf, cat /etc/mygate ..



Re: Routine network config. gone wrong

2014-04-18 Thread Lubo Diakov
Patric, please elaborate what you have in mind by subnet is wrong.

I'm typing this from another PC which has the subnet mask
255.255.255.0 and the same static IP, ISP gateway, DNS that I was
trying to use with OpenBSD, and as this message proves, it routes
fine. Is it the case that Mac OS X, Windows, Linux are too lax with
incorrect subnet masks, while OpenBSD needs it to be more specific
or what? Puzzled.



Re: Routine network config. gone wrong

2014-04-18 Thread Lubo Diakov
Tomas,

I included many of the outputs you mention. Since we're talking about
a networking configuration, obviously doing something like ssh to copy
the relevant information is not yet possible, so I looked at the
screen of the OpenBSD system, and typed (in abbreviated form) the most
relevant parts like ifconfig, resolv.conf and so on into this message
(see my first post). I didn't copy the actual IP addresses, but unless
I typed it in wrong on OpenBSD (possible, but unlikely given how many
times I entered it), the addresses in question work on another system
(the one this message is sent from). Nevertheless, I will run the
commands you mention on OpenBSD and copy it by some other means, like
a USB flash drive.



Re: Routine network config. gone wrong

2014-04-18 Thread Lubo Diakov
Thanks Peter. I could have sworn I checked and rechecked exactly which
interface is which, but clearly not enough times :-). The problem
being that while they have distinct MAC addresses due to being from
different manufacturers, they both use the RL driver. Your suggestion
for confirming which ifconfig listing corresponds to which physical
network card is great. So making progress, but not done yet.

As it stands now, I set rl0 as the LAN interface and rl1 for WAN. And
I have confirmed that plugging and unplugging the network cable from
each results in ifconfig showing active or no carrier for the
correct interface.

On the LAN side (rl0), it is issuing DHCP addresses to clients, and
once it does so, I can ping from a DHCP client to both the LAN and WAN
IP address of OpenBSD (so the IPv4 forwarding seems to work, yay), and
also from OpenBSD to the DHCP-issued IP address of the other system.
Ssh (both directions, from Ubuntu to OpenBSD and vice versa) seems to
hang, after the SSH host key has been received and verified, according
to ssh -v (it stops on SSH2_MSG_SERVICE_ACCEPT received). It may
succeed, but simply be slow, I have to run it again to see if it times
out (I cancelled it), but then the slower system is 600Mhz and they
are 1 meter from each other with a known good ethernet cable so how
long should it take? So it should not be blocked by pf I don't think,
but again, not certain. Have to figure that one out as I use ssh a
lot. One minor note, somehow Ubuntu abandons the DHCP lease
(according to /var/db/dhcpd.leases on OpenBSD) and gets a new one.
Maybe a bug in the Ubuntu dhclient implementation. Not too worried
about it now as long as it maintains/reestablishes connection ok.

WAN (rl1) is still problematic. Still no outbound ping to ISP gateway
(I've verified the same works from Ubuntu with static IP, so ICMP is
not blocked/dropped by them from what I can  tell). I retried after
pfctl -F all and also after pfctl -d, so I believe this part of the
problem is due to routing (mis)configuration alone, more than pf. From
OpenBSD, I can ping both the LAN and WAN interface on OpenBSD itself,
so I think the hostname.rl0 and hostname.rl1 files should be in decent
shape.

This is the output of netstat -rn (long! keep in mind almost
everything is put there automatically at boot time by /etc/mygate or
when I execute route add from the terminal, aside from the default
gateway little or nothing is added by me. It also shows how the DHCP
lease was abandoned, as one single MAC addr. shows two IPs 192.168.6.8
and .9 even though I only ran dhclient once on the client system):

Routing tables

Internet:
Destination        Gateway            Flags  Refs      Use   Mtu  Prio Iface
default            188.126.4.1        UGS       1     7188     -     8 rl1
127/8              127.0.0.1          UGRS      0        0 33192     8 lo0
127.0.0.1          127.0.0.1          UH        1        0 33192     4 lo0
188.126.4/24       link#3             UC        2        0     -     4 rl1
188.126.4.1        00:30:48:b8:c5:83  UHLc      1       72     -     4 rl1
188.126.4.24       4c:00:10:3c:23:5c  UHLc      0        6     -     4 lo0
192.168.6/24       link#1             UC        3        0     -     4 rl0
192.168.6.6        00:40:f4:44:07:56  UHLc      0        6     -     4 lo0
192.168.6.8        00:80:ad:00:7c:ca  UHLc      1       44     -     4 rl0
192.168.6.9        00:80:ad:00:7c:ca  UHLc      0       70     -     4 rl0
224/4              127.0.0.1          URS       0        0 33192     8 lo0

Internet6:
Destination                    Gateway            Flags  Refs      Use   Mtu  Prio Iface
::/104                         ::1                UGRS      0        0     -     8 lo0
::/96                          ::1                UGRS      0        0     -     8 lo0
::1                            ::1                UH       14        0 33192     4 lo0
::127.0.0.0/104                ::1                UGRS      0        0     -     8 lo0
::224.0.0.0/100                ::1                UGRS      0        0     -     8 lo0
::255.0.0.0/104                ::1                UGRS      0        0     -     8 lo0
:::0.0.0.0/96                  ::1                UGRS      0        0     -     8 lo0
2002::/24                      ::1                UGRS      0        0     -     8 lo0
2002:7f00::/24                 ::1                UGRS      0        0     -     8 lo0
2002:e000::/20                 ::1                UGRS      0        0     -     8 lo0
2002:ff00::/24                 ::1                UGRS      0        0     -     8 lo0
fe80::/10                      ::1                UGRS      0        0     -     8 lo0
fe80::%rl0/64                  link#1             UC        0        0     -     4

Routine network config. gone wrong

2014-04-17 Thread Lubo Diakov
I may be missing something very simple, so if anyone can offer some
help I'd be grateful.

I want to set up a i386 OpenBSD system (using 5.4, but can try current
5.5 if that would help) to act a gateway/firewall. 3 network
interfaces, 2 wired, one wifi (ignoring wifi ATM, want to get wired
working, then deal with wifi later).

ifconfig rl0: (static WAN IP, routable when used with another system)
inet w.x.y.z 255.255.255.0

ifconfig rl1: (static LAN IP)
inet 192.168.y.z 255.255.255.0

resolv.conf (2 known working IP addresses for nameservers, again
working in other OS)

/etc/mygate (IP address of ISP gateway used on other OS for same
connection, known working, have also tried route add default
ISP.gateway manually)

ping, traceroute, etc. to IP address of gateway fail, I suspect even
the default pf rules may block this, but how to confirm/or rule out?
(perhaps pfctl -d?)

what should route show -inet or netstat -rn look like if configured properly?
the first line of route show -inet reads (right after booting):
dest.    gateway      flags
default  ISP gateway  GS

net.inet.ip.forwarding=1 (to forward between WAN and LAN) in sysctl.conf
-- 
Любомир Гаврилов Дяков
email:
lubodia...@gmail.com