[Semibug] OpenBSD Firewall help needed

Josh Grosse josh at jggimi.net
Wed Dec 9 04:39:00 EST 2020


On Tue, Dec 08, 2020 at 05:02:20PM -0500, Mark Moellering wrote:
> Everyone,
> 
> I built my own OpenBSD firewall using an Ubiquiti EdgeRouter.
> 
> Here is the layout:
> 
> The internet comes into the firewall on cnmac1
> 
> The internet goes out to on cnmac2 to a Netgear GS608 V2 router
> 
> The router connects to a local server and PC on the 192.168.1.xx Where xx is
> 3 or greater
> 
> The router connects to a wireless router on 192.168.1.1. All Devices on
> the wireless network are on 192.168.2.0/24
> 
> in my sysctl.conf I have : net.inet.ip.forwarding=1               # 1=Permit
> forwarding (routing) of IPv4 packets
> 
> 
> If I try to ping my wireless printer from my PC, I get the following:
> PING 192.168.2.115 (192.168.2.115) 56(84) bytes of data.
> From 192.168.1.254 icmp_seq=1 Redirect Host(New nexthop: 1.1.168.192)

A "redirect host" response means that there is a routing issue.

Draw a network diagram, such as this ASCII example, which may
be wrong because I don't have a complete understanding from
your text description above.

{192.168.2/24} -- [192.168.2.??? / 192.168.1.1] --
  {192.168.1/24} --  [192.168.1.254] -- {Internet}

It's not clear to me what the address of the WiFi router
is on the 192.168.2/24 subnet, nor is it clear to me that
this WiFi router has correct routing information.  It should
have a default route through your new firewall (192.168.1.254)
and it may not.

You have several moving parts that aren't in the scope of
your description, such as WiFi router and PF configurations.
