On 10/27/07, Jake Conk <[EMAIL PROTECTED]> wrote:
> On 10/27/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
> > On 10/27/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
> > >
> > > On 10/27/07, Jake Conk <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Hello,
> > > >
> > > > I have my OpenBSD machine set up as a router and when I moved my
> > > > network from my office to my new datacenter I was no longer able to
> > > > connect to the internet from machines behind the obsd router. When I
> > > > try to ping a domain such as google.com from any of the machines
> > > > behind the router I get the ip address of the domain or host back BUT I
> > > > do not get any successful replies back.
> > > >
> > > > I do have ipforwarding set up and my openbsd router machine has named
> > > > set up also but as a forwarder to nameservers I have located elsewhere.
> > > >
> > > > The only thing that changed when moving from network a (the office) to
> > > > network b (the datacenter) was the ip. It used to have a private ip and
> > > > now has a public ip attached to one of the ports. All the internal ips
> > > > with and behind the router remain the same.
> > > >
> > > > The router has actually 2 public ips, one that is carped and another
> > > > ip address that is just configured as a public ip.
> > > >
> > > > I don't know what else the problem could be. I've updated my default
> > > > gateway and ip addresses on my openbsd router, what else am I missing
> > > > here? Is there something probably cached that is sending requests from
> > > > my machines behind the router to its old ip that used to be configured
> > > > on the server?
> > > >
> > > > Please help!
> > >
> > >
> > > Do your upstream routers know how to find the networks behind your
> > > openbsd router?
> > >
> >
> >
> > I should not send emails before drinking coffee...
> > You use private addresses on the inside.
> >
> > Use tcpdump to see that packets going out the firewall are nat'ed correctly,
> > and the responses come back.
> >
> > /Tony
> >
> >
> Tony,
>
> First of all what are you referring to as my upstream router?
>
> Secondly about nat, well that's the weird thing, the machines behind
> the router get the public domain's ip when ping'ing but just don't get
> any return reply packets which is really weird to me. I have ip
> forwarding in sysctl and my pf is configured to nat. Did I miss
> something?
>
> Thanks,
> - Jake
>

Hello,

Well thanks to Nic from the #openbsd room we were able to figure out my
problem. All it was - was adding ":network" to my internal interface in
my pf nat rules so my nat rule would end up ultimately looking like this:

    nat on $ext_if inet from $int_if:network to any -> ($ext_if)

I don't know why it used to work in my previous network before without
the ":network" feature added which is why I would have never thought it
to be my pf rules.

Anyways everything is working now, thanks :)

- Jake
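
Added example, not part of the original thread: a small Python model of how pf expands a bare interface name versus the ":network" modifier in a rule's source address (as documented in pf.conf(5)), showing which LAN sources a nat rule would match. The interface name "em1", the 192.168.1.0/24 addressing and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample: addresses configured on the router's internal interface.
# "em1" and 192.168.1.1/24 are assumptions, not values from the thread.
INTERFACES = {"em1": [ipaddress.ip_interface("192.168.1.1/24")]}


def expand(spec):
    """Expand a pf-style address spec into the networks it stands for.

    "em1"          -> each address assigned to em1, as a single host
    "em1:network"  -> each network attached to em1
    """
    name, _, modifier = spec.partition(":")
    addrs = INTERFACES[name]
    if modifier == "network":
        return [a.network for a in addrs]
    if modifier == "":
        return [ipaddress.ip_network(f"{a.ip}/{a.ip.max_prefixlen}")
                for a in addrs]
    raise ValueError(f"modifier not modelled: {modifier!r}")


def nat_matches(source_spec, packet_src):
    """True if a packet from packet_src matches 'nat ... from <source_spec>'."""
    src = ipaddress.ip_address(packet_src)
    return any(src in net for net in expand(source_spec))


def untranslated(source_spec, sources):
    """Sources that would leave the external interface without translation."""
    return [s for s in sources if not nat_matches(source_spec, s)]


if __name__ == "__main__":
    # Constructed LAN sources: the router itself and two hosts behind it.
    lan_sources = ["192.168.1.1", "192.168.1.20", "192.168.1.77"]
    for spec in ("em1", "em1:network"):
        print(spec, "leaves un-NATed:", untranslated(spec, lan_sources))
```

Sources the model reports as untranslated are the ones the tcpdump check Tony suggests would show leaving the external interface with their private addresses.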

