I have some problems with setting up my gateway; it won't pass through my clients. I have IP forwarding enabled, and in my nat.conf I have this:
Code:
ext="dc0"
nat on $ext from 192.168.1.1/24 to any -> $ext

I have also tried this, though it shouldn't differ:
Code:
nat on dc0 from 192.168.1.1/24 to any -> dc0

My pf.conf looks like this:
Code:
pass in all
pass out all

dc0 is connected to the internet and gets an IP from a DHCP server from my ISP. I have tried pinging and trying to get on to webpages; nothing works, it won't let me through for some odd reason.
dc1 is the card for the internal network; it is init. by hostname.dc1:
Code:
inet 192.168.1.1. 255.255.255.0 NONE

Any help would be appreciated.
I am running openbsd 3.1
See http://www.linuxjunior.org/yabbse/in...;threadid=1837 ... that might lend a helping hand.
no help in that thread to my present problem since all I want is to get my gateway to let my windows box talk to the rest of the world.
But thnx anyway
I see you have a trailing dot in your IP. Check to see if your IP is good. Plus -- is your gateway on your gateway (try saying that five times) set correctly?
Can you ping your LAN?
Have you checked that the cables are plugged into the proper card?
This is all crap that I had to fix too. Some my fault, some just dealing with what device was what (3 NICs + 1 more I just added).
Code:
$ cat /etc/mygate
192.168.1.1

Code:
$ cat /etc/resolv.conf
search amerivoice.com
nameserver 206.141.239.126
nameserver 206.141.251.2
nameserver 209.253.113.10
nameserver 209.253.113.18
lookup file bind

Code:
MCLEOD="xl0"
nat on $MCLEOD from 206.190.6.0/24 to any -> $MCLEOD

I can't think of any more right now. But the goal is first to set up each NIC to talk to the subnet it is on. For example, I got 4 NICs in mine:
1)LAN
2)DSL1
3)DSL2
4)Mail
Before worrying about configuring each service -- I had to ensure that each adapter is talking correctly. Trust me -- with 3 to start with -- things got real funky trying to keep each NIC straight with where it was going. But with a little patience and methodology it worked fine.
Did you load the nat rules and enable pf?
Quote from GnuVince: "Did you load the nat rules and enable pf?"
yes,
still no go
So if I read your data correctly, you are essentially having an issue with your NIC, right? Post your /etc/hostname.dc0 (I think that's the one you weren't able to ping through on) and the results of a
ifconfig -a
and a
ping -I {that's a capital 'eye' and insert dc0's IP address here} google.com
That ping will ensure that we are pinging from THAT card, not another. Sounds stupid, but can help troubleshoot. May have a goofy routing entry that doesn't forward data correctly. Technically a ping should try the default subnet's adapter, and then go to the default gateway, and then the remaining local adapters.
hostname.dc0
Code:
dhcp NONE NONE NONE

ifconfig -a
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 33224
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::208:a1ff:fe24:fce0%dc0 prefixlen 64 scopeid 0x1
        inet 213.112.91.215 netmask 0xffffff80 broadcast 213.112.91.255
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::208:a1ff:fe25:1e5d%dc1 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
vlan0: flags=0<> mtu 1500
vlan1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

ping -l dc0_ip google.com
Code:
PING google.com (216.239.35.100): 56 data bytes
64 bytes from 216.239.35.100: icmp_seq=1 ttl=46 time=170.904 ms
64 bytes from 216.239.35.100: icmp_seq=3 ttl=46 time=171.133 ms
64 bytes from 216.239.35.100: icmp_seq=0 ttl=46 time=171.664 ms
...
--- google.com ping statistics ---
216 packets transmitted, 72 packets received, 66% packet loss
round-trip min/avg/max/std-dev = 170.904/179.426/189.504/7.416 ms
Great we can talk out. Now can we talk on the LAN? Try a ping -I dc1_ip another box on the LAN.
If we can talk there, we can move on to checking the nat rules more closely. I would suggest flushing all pf rules and sticking only with a basic nat entry in nat.conf:
Code:
pfctl -F rules
pfctl -F nat
pfctl -N nat.conf

Code:
WAN="dc0"
nat on $WAN from 192.168.1.0/24 to any -> $WAN

One other thing -- are you positive that the NIC and cable are good? If you set up the LAN side card as a WAN adapter (rename the hostname.dc0 to dc1 and the dc1 to dc0) do you still only get WAN access, or are you now limited to just LAN? I had my share of faulty NICs and ethernet patch cable. You may also have a faulty port on the hub. It is all things I would take into consideration. First off, being the card, then cable, then hub port. If you are using a patch bay, check to see if you punched the cable in well enough. I had a few cables fail, only because the punchdown was loose.
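As an added example (not code from any poster in this thread), a small Python check for the two things the replies point at: the trailing dot in the hostname.dc1 address, and whether the source of the nat rule is the LAN network. The function names are made up for this example, and the input lines are constructed copies of the ones posted above.

```python
import ipaddress
import re

NAT_RE = re.compile(r"nat on (\S+) from (\S+) to any -> (\S+)")

def parse_hostname_if(line):
    """Parse 'inet ADDR NETMASK ...' from a hostname.if file.

    Returns (IPv4Interface or None, list of findings)."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "inet":
        return None, ["expected 'inet ADDR NETMASK ...'"]
    findings = []
    for name, value in (("address", fields[1]), ("netmask", fields[2])):
        if value.endswith("."):
            findings.append(f"{name} {value!r} has a trailing dot")
    try:
        # Strip the stray dots only to keep checking; the file still needs fixing.
        iface = ipaddress.ip_interface(
            f"{fields[1].rstrip('.')}/{fields[2].rstrip('.')}")
    except ValueError as exc:
        return None, findings + [f"unparseable address: {exc}"]
    return iface, findings

def check_nat_rule(rule, lan_iface):
    """Compare the source of a nat rule with the LAN interface's network."""
    m = NAT_RE.search(rule)
    if not m:
        return ["not a 'nat on IF from SRC to any -> DST' rule"]
    src = m.group(2)
    try:
        src_if = ipaddress.ip_interface(src)
    except ValueError:
        return [f"source {src!r} is not a literal address/prefix"]
    findings = []
    if src_if.ip != src_if.network.network_address:
        findings.append(f"source {src} has host bits set; network is {src_if.network}")
    if src_if.network != lan_iface.network:
        findings.append(f"source {src_if.network} is not the LAN network {lan_iface.network}")
    return findings

if __name__ == "__main__":
    # Constructed copies of the lines posted in the thread.
    lan, notes = parse_hostname_if("inet 192.168.1.1. 255.255.255.0 NONE")
    print(lan, notes)
    for rule in ("nat on dc0 from 192.168.1.1/24 to any -> dc0",
                 "nat on $WAN from 192.168.1.0/24 to any -> $WAN"):
        print(rule, "->", check_nat_rule(rule, lan))
```

The host-bits finding is informational: it only reports that the rule can be written with the network address, as the last reply's rule is.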