LinuxQuestions.org
Old 06-21-2004, 10:52 AM   #1
c_rugby
LQ Newbie
 
Registered: Jun 2004
Posts: 3

Rep: Reputation: 0
OpenBSD routing problems


I am having some difficulty and I hope someone can lend a much appreciated hand.

I would like to set up an OpenBSD box to act as a router and a packet filter on a network. Currently the network connects to their gateway at 128.127.100.129. The machines are in the same range as the gateway (128.127.100.130 - 128.127.100.254). I was wondering if it is possible to put the OpenBSD machine in between the network switch and the gateway? I would also like to serve DHCP to the internal network from the OpenBSD box.

The reason I am asking is that I heard that it might not be possible to do routing when there are addresses on both sides of the machine in the same subnet.

I have turned IP forwarding on. I have attempted to set it up as a bridge as well but that doesn't work either. I can ssh to the box from the internet but I cannot ssh to it from the internal network. The machine has 128.127.100.129 as its default gateway, which is also the gateway of all the machines in the network.

The DHCP works fine, what else could be the problem? I also disabled packet filter in case it was a rule problem. That didn't help either. Anything you can think of would be great.

thanks.
 
Old 06-21-2004, 11:32 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You would need to use proxy-arp for that, since as you pointed out IPs on both sides of the machine are on the same subnet. You can't do it as a bridge since the DHCP daemon will need an IP to use (bridges don't have IPs).
 
Old 06-21-2004, 02:46 PM   #3
c_rugby
LQ Newbie
 
Registered: Jun 2004
Posts: 3

Original Poster
Rep: Reputation: 0
So would the command

arp -s 128.127.100.129 [MAC Address of the internal interface] pub

work?

From what I can gather, my OpenBSD box would reply to the ARP requests on the internal network with its MAC address and then once it received the packets, it would forward them out its default gateway?
 
Old 06-21-2004, 04:23 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
In theory, yes. OpenBSD man pages are generally very accurate, so I would be very surprised if that doesn't work. You will of course need to enable IP forwarding if you have not done so already (it's in /etc/sysctl.conf, which is where you would make it enable on boot, then use sysctl -w to write it to kernel memory to change it now w/o rebooting).

Oh, and going back the other way (from the gateway router to the OpenBSD box) you will either need to have the OpenBSD box proxy-arp on its external address for all the internal IPs, or put the external interface on a tiny subnet with the gateway router, then on the router make a static route to the rest of the subnet that is behind the OpenBSD box and designate the external interface IP on the OBSD box as the gateway.

Last edit, I swear... You'll need to put that arp -s command in your /etc/rc.local file so it will run at boot, otherwise you'll have to manually re-add it each time.

Last edited by chort; 06-21-2004 at 04:29 PM.
 
Old 06-21-2004, 05:06 PM   #5
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
first decide what u want to do. u have 2 options:
1. make openbsd a bridge and do the filtering.
2. divide ur machines in two subnets and give ur openbsd machine 2 ips,
one ip from one subnet and the other one from the second subnet.
on both subnets make the openbsd ips the gateway. enable ip forwarding.
then it will be a router.

by the way a bridge can have an ip address, and an openbsd bridge filters the traffic at layer 4.
 
Old 06-21-2004, 10:18 PM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
It should work fine with proxy-arp, that's the whole point of its existence. Yes it would be better to re-subnet, but those look like public IPs to me and it would be a waste to use up 4 of them just for one link.
 
Old 06-23-2004, 10:23 AM   #7
c_rugby
LQ Newbie
 
Registered: Jun 2004
Posts: 3

Original Poster
Rep: Reputation: 0
I have two questions still:
1) Proxy Arp doesn't seem to be working. I think the problem may lie in the arp table where the proxy entry for the gateway is

128.127.X.y at [MAC Address of Internal Interface] on rl0 static published

I think the problem is that rl0 is the external interface and not the internal interface. How do you change the interface named in the arp table? The MAC address is correct.

2) If the above problem isn't solved I will probably have to try subnetting. But I am unsure as to how to proceed. Does anyone know how I would even go about that or where there might be a good tutorial?
 
Old 06-23-2004, 03:38 PM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Hmm, maybe I have it backwards and you need the MAC of the NIC the address can actually be reached by (i.e. you need to proxy the MAC of the NIC that's on the same network as that IP, not the MAC of the NIC on the same segment as the requestor).

I'll have to try this out at home, but it should be trivial for you to try.
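
The check discussed in posts #7 and #8, as an added example that is not part of the original thread: a shell function that reads an ARP table and reports, for each published (proxy) entry, which interface and MAC it is bound to compared with the ones you expect. It assumes the line format quoted in post #7 (and tolerates a leading `? (ip)` form); the interface name `rl1`, the MAC addresses and the sample table are constructed values.

```shell
#!/bin/sh
# Added example: report which interface and MAC each published (proxy) ARP
# entry is bound to. Input format assumed from the line quoted in post #7:
#   <ip> at <mac> on <ifname> static published

# Constructed sample table; rl1 and the MACs are made-up values.
sample_arp_table() {
    cat <<'EOF'
128.127.100.129 at 00:00:5E:00:53:01 on rl0 static published
128.127.100.140 at 00:00:5e:00:53:22 on rl1
? (128.127.100.141) at 00:00:5e:00:53:01 on rl1 static published
EOF
}

# Usage: arp -an | audit_published_arp <expected_if> <expected_mac>
# Prints one line per published entry; exit status 1 if any entry differs.
audit_published_arp() {
    want_if=$1
    want_mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Normalise "? (ip)" to a bare ip, then audit in an explicit subshell
    # so the exit status below becomes the function's status.
    sed -e 's/^? *//' -e 's/[()]//g' | (
        bad=0
        while read -r ip _at mac _on ifname flags; do
            case " $flags " in
                *" published "*) ;;      # proxy entry: audit it
                *) continue ;;           # ordinary learned entry: skip
            esac
            mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
            if_ok=ok; mac_ok=ok
            [ "$ifname" = "$want_if" ] || if_ok=MISMATCH
            [ "$mac" = "$want_mac" ] || mac_ok=MISMATCH
            [ "$if_ok$mac_ok" = okok ] || bad=1
            printf '%s if=%s(%s) mac=%s\n' "$ip" "$ifname" "$if_ok" "$mac_ok"
        done
        exit "$bad"
    )
}

# Demo on the constructed table, expecting entries on rl1.
sample_arp_table | audit_published_arp rl1 00:00:5e:00:53:01 || true
```

Run it from cron or after boot to confirm that the entry added in /etc/rc.local is still present and bound where you intended; any unexpected published entry is also worth investigating, since it answers ARP on behalf of another host.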
 
  

