<br><br><div><span class="gmail_quote">On 6/13/07, <b class="gmail_sendername">Jeff Quast</b> <<a href="mailto:af.dingo@gmail.com">af.dingo@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
duh... sent it to the wrong guy!<br><br>---------- Forwarded message ----------<br>From: Jeff Quast <<a href="mailto:af.dingo@gmail.com">af.dingo@gmail.com</a>><br>Date: Jun 13, 2007 9:27 AM<br>Subject: Re: [nycbug-talk] OpenBSD PF help
<br>To: <a href="mailto:kurt@intricatesoftware.com">kurt@intricatesoftware.com</a><br><br><br>On 6/13/07, Kurt Miller <<a href="mailto:lists@intricatesoftware.com">lists@intricatesoftware.com</a>> wrote:<br>> On Monday 11 June 2007 12:23:51 pm Barry Kominik wrote:
<br>> > Hi,<br>> > I'm having problems getting a pf filter working. I must be doing something<br>> > simple wrong, anybody have any advice?<br>> ><br>> > I have two public routable IP blocks, let's say
<a href="http://1.1.1.1/29">1.1.1.1/29</a> and <a href="http://2.2.2.1/28">2.2.2.1/28</a>.<br>> > The colo routes both networks to my handoff. I have the int0 connected to<br>> > the handoff from the co-lo and ext0 configured as the
<a href="http://2.2.2.1">2.2.2.1</a>. I have<br>> > net.inet.ip.forwarding=1. Shouldn't basic routing work without even enabling<br>> > the firewall? Hosts on the 2 network can ping through to the<br>> >
1.1.1.1 interface, but not beyond. Hosts on the internet can see<br>> > <a href="http://1.1.1.1">1.1.1.1</a> but nothing on the 2. network. I can get this to work by setting up<br>> > a bridge between the interfaces, but this strikes me as incorrect. Am I
<br>> > missing something simple? If not I can pay for some consulting time.<br>> ><br>> > Thanks,<br>> > Barry<br>> ><br>><br>> Is /etc/mygate on the router set?<br><br>The client on the
2.2.2.* network needs to understand that <a href="http://2.2.2.1">2.2.2.1</a> is<br>the router for reaching the 1.1.1.* network.<br><br>Add it manually to the client(s) via route</blockquote><div><br>The clients on 2.2.2 have the southbound interface of the router as the default gateway. Shouldn't that have all traffic for other networks go to the router?
<br><br><br></div></div>