[nycbug-talk] OpenBSD PF help

Barry Kominik bkominik at gmail.com
Wed Jun 13 12:32:42 EDT 2007


On 6/13/07, Jeff Quast <af.dingo at gmail.com> wrote:
>
> duh... sent it to the wrong guy!
>
> ---------- Forwarded message ----------
> From: Jeff Quast <af.dingo at gmail.com>
> Date: Jun 13, 2007 9:27 AM
> Subject: Re: [nycbug-talk] OpenBSD PF help
> To: kurt at intricatesoftware.com
>
>
> On 6/13/07, Kurt Miller <lists at intricatesoftware.com> wrote:
> > On Monday 11 June 2007 12:23:51 pm Barry Kominik wrote:
> > > Hi,
> > > I'm having problems getting a pf filter working. I must be doing something
> > > simple wrong, anybody have any advice?
> > >
> > > I have two public routable IP blocks, let's say 1.1.1.1/29 and 2.2.2.1/28.
> > > The colo routes both networks to my handoff. I have the int0 connected to
> > > the handoff from the co-lo and ext0 configured as the 2.2.2.1. I have
> > > net.inet.ip.forwarding=1. Shouldn't basic routing work without even enabling
> > > the firewall? Hosts on the 2 network can ping through to the
> > > 1.1.1.1 interface, but not beyond. Hosts on the internet can see
> > > 1.1.1.1 but nothing on the 2. network. I can get this to work by setting up
> > > a bridge between the interfaces, but this strikes me as incorrect. Am I
> > > missing something simple? If not I can pay for some consulting time.
> > >
> > > Thanks,
> > > Barry
> > >
> >
> > Is /etc/mygate on the router set?
>
> The client on the 2.2.2.* network needs to understand that 2.2.2.1 is
> the router for reaching the 1.1.1.* network.
>
> add it manually to the client(s) via route


The clients on 2.2.2 have the southbound interface of the router as the
default gateway. Shouldn't that have all traffic for other networks go to
the router?