On Mon, Apr 18, 2016 at 12:59 AM, Radek <[email protected]> wrote:
> I'm trying to move my OpenBSD router from 5.4 to 5.9.
>
> 1. I copied VLANs conf from my 5.4. DHCP server works, clients get IP. NAT
> does not work.
> 2. Then I removed trunk0. DHCP server works, clients get IP. NAT does not work
> still.
> 3. Finally, I removed VLANs and NAT started to work.
>
> How can I bring my NAT to work with VLANs in 5.9? Where is the problem? (My
> switch is configured correctly.)
>
> #cat /etc/sysctl.conf
> net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4
> packets
>
> #cat /etc/hostname.rl0
> inet X.X.X.X 255.255.254.0 NONE description "Interface WAN"
>
> @1. I copied VLANs conf from my 5.4. DHCP server works, clients get IP. NAT
> does not work.
>
> #cat /etc/pf.conf [changed to very short and simple for tests]
> pass out on rl0 inet from vlan309:network to any nat-to rl0
>
> #cat /etc/rc.conf.local
> dhcpd_flags="vlan300 vlan308 vlan309 vlan310 vlan311 vlan400"
> pf_rules=/etc/pf.conf
>
> #cat /etc/dhcpd.interfaces
> vlan300
> vlan308
> vlan309
> vlan310
> vlan311
> vlan400

I think dhcpd.interfaces is a relic? For the longest time I've simply been
specifying my interfaces in dhcpd_flags.

> #cat /etc/hostname.em0
> up
>
> #cat /etc/hostname.em1
> up
>
> #cat /etc/hostname.trunk0
> trunkproto lacp trunkport em0 trunkport em1 lladdr 00:01:02:03:11:11
> up
>
> #cat /etc/hostname.vlan300
> inet 10.0.30.254 255.255.255.0 NONE vlan 300 vlandev trunk0 lladdr
> 00:01:02:03:03:00 description "Interface VLAN-SERV"
>
> #cat /etc/hostname.vlan308
> inet 10.0.8.254 255.255.255.0 NONE vlan 308 vlandev trunk0 lladdr
> 00:01:02:03:03:08 description "Interface VLAN-308I"
>
> #cat /etc/hostname.vlan309
> inet 10.0.9.254 255.255.255.0 NONE vlan 309 vlandev trunk0 lladdr
> 00:01:02:03:03:09 description "Interface VLAN-309I"
> [...]
>
> @2. Then I removed trunk0. DHCP server works, clients get IP. NAT does not
> work still.
>
> #cat /etc/pf.conf [changed to very short and simple for tests]
> pass out on rl0 inet from vlan309:network to any nat-to rl0
>
> #cat /etc/rc.conf.local
> dhcpd_flags="vlan300 vlan308 vlan309 vlan310 vlan311 vlan400"
> pf_rules=/etc/pf.conf
>
> #cat /etc/dhcpd.interfaces
> vlan300
> vlan308
> vlan309
> vlan310
> vlan311
> vlan400
>
> #cat /etc/hostname.em0
> up
>
> #cat /etc/hostname.vlan300
> inet 10.0.30.254 255.255.255.0 NONE vlan 300 vlandev em0 lladdr
> 00:01:02:03:03:00 description "Interface VLAN-SERV"
>
> #cat /etc/hostname.vlan308
> inet 10.0.8.254 255.255.255.0 NONE vlan 308 vlandev em0 lladdr
> 00:01:02:03:03:08 description "Interface VLAN-308I"
>
> #cat /etc/hostname.vlan309
> inet 10.0.9.254 255.255.255.0 NONE vlan 309 vlandev em0 lladdr
> 00:01:02:03:03:09 description "Interface VLAN-309I"
> [...]
>
> @3. Finally, I removed VLANs and NAT started to work.
>
> #cat /etc/pf.conf [changed to very short and simple for tests]
> pass out on rl0 inet from em0:network to any nat-to rl0
>
> #cat /etc/rc.conf.local
> dhcpd_flags="em0"
> pf_rules=/etc/pf.conf
>
> #cat /etc/dhcpd.interfaces
> em0
>
> #cat /etc/hostname.em0
> inet 10.0.8.254 255.255.255.0 NONE lladdr 00:01:02:03:03:08 description
> "Interface VLAN-308"

I use plenty of VLANs and have no NAT issues. You might want to review your
ifconfig output, make certain your routing is correct and tcpdump one or more
interfaces to make certain packets are being routed correctly.
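For comparison with the one-line test ruleset in the thread, here is a complete minimal pf.conf for the same setup, added as an example and not taken from either poster; it assumes, as in Radek's files, that rl0 is the WAN interface and vlan309 is the client VLAN, and it starts from a default deny so that each direction of the NAT path is passed explicitly.

```pf
# Added example ruleset (not from the thread). Assumes, as in Radek's files,
# that rl0 is the WAN interface and vlan309 carries the 10.0.9.0/24 clients.
ext_if = "rl0"
lan_if = "vlan309"

set skip on lo

# Default deny with logging, so a missing pass rule shows up on pflog0
# instead of silently passing (pf's default when no rule matches).
block log all

# Drop packets arriving on the VLAN whose source address does not belong
# to that VLAN's own network.
antispoof quick for $lan_if

# Accept the clients' traffic where it enters: on the VLAN interface.
pass in on $lan_if inet from $lan_if:network to any

# Translate the clients' source address as packets leave the WAN side.
# The parentheses make pf re-read rl0's address if it changes.
match out on $ext_if inet from $lan_if:network to any nat-to ($ext_if)

# Let the translated traffic out; state is kept so replies are matched
# and translated back on the way in.
pass out on $ext_if inet
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. Once loaded, `pfctl -s states` should show entries where a 10.0.9.x source is translated to rl0's address whenever a client sends traffic out.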

