On 2009-05-07, carlopmart <[email protected]> wrote:
> Hi all,
>
> I am trying to establish default routes on an OpenBSD firewall using ospfd
> instead of using multipath+route to param under pf.conf, without luck.
>
> My topology is:
>
> Internet ------- ExtFw1 ----------------|
>                                         |
>                                     OpenBSDFw ----- Internal Network
>                                         |
> Internet ------- ExtFw2 ----------------|
>
>
> ExtFw1 and ExtFw2 are commercial products with different versions. I have put
> a rule to pass all traffic generated by OpenBSD on both external firewalls.

ExtFw1 and ExtFw2 are running OSPF and announcing a default route
into it, right??

>
> My interfaces config are:
>
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:56:29:f2:2c
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex,master)
>         status: active
>         inet 172.25.50.1 netmask 0xffffffe0 broadcast 172.25.50.31
>         inet6 fe80::250:56ff:fe29:f22c%em0 prefixlen 64 scopeid 0x1
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:56:0f:7b:b0
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex,master)
>         status: active
>         inet6 fe80::250:56ff:fe0f:7bb0%em1 prefixlen 64 scopeid 0x2
> enc0: flags=0<> mtu 1536
>         priority: 0
> vlan15: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:56:0f:7b:b0
>         description: Management Interface
>         priority: 0
>         vlan: 15 priority: 0 parent interface: em1
>         groups: vlan
>         inet6 fe80::250:56ff:fe0f:7bb0%vlan15 prefixlen 64 scopeid 0x5
>         inet 172.25.65.1 netmask 0xfffffff0 broadcast 172.25.65.15
> vlan25: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:50:56:0f:7b:b0
>         description: VPN Interface
>         priority: 0
>         vlan: 25 priority: 0 parent interface: em1
>         groups: vlan
>         inet6 fe80::250:56ff:fe0f:7bb0%vlan25 prefixlen 64 scopeid 0x6
>         inet 172.25.85.1 netmask 0xfffffff8 broadcast 172.25.85.7
> vlan35: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
>         lladdr 00:50:56:0f:7b:b0
>         description: Primary Outgoing Interface
>         priority: 0
>         vlan: 35 priority: 0 parent interface: em1
>         groups: vlan egress
>         inet6 fe80::250:56ff:fe0f:7bb0%vlan35 prefixlen 64 scopeid 0x7
>         inet 192.168.100.66 netmask 0xfffffffc broadcast 192.168.100.67
> vlan45: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
>         lladdr 00:50:56:0f:7b:b0
>         description: Secondary Outgoing Interface
>         priority: 0
>         vlan: 45 priority: 0 parent interface: em1
>         groups: vlan
>         inet6 fe80::250:56ff:fe0f:7bb0%vlan45 prefixlen 64 scopeid 0x8
>         inet 10.10.10.201 netmask 0xfffffff8 broadcast 10.10.10.207
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
>         priority: 0
>         groups: pflog
>
>
> My ospfd.conf:
>
> router-id 192.168.100.66
> fib-update yes
> redistribute connected
> redistribute default
>
> area 0.0.0.0 {
>         auth-type none
>         interface vlan35
>         interface vlan45 { metric 20 }
> }
>
> Output of "ospfctl show database" command is:
>
>                 Router Link States (Area 0.0.0.0)
>
> Link ID         Adv Router      Age  Seq#       Checksum
> 192.168.100.66  192.168.100.66  641  0x80000001 0x3bdc
>
>                 Type-5 AS External Link States
>
> Link ID         Adv Router      Age  Seq#       Checksum
> 0.0.0.0         192.168.100.66  641  0x80000001 0x11cf
> 172.25.50.0     192.168.100.66  641  0x80000001 0x3ccb
> 172.25.65.0     192.168.100.66  641  0x80000001 0xf6f1
> 172.25.85.0     192.168.100.66  641  0x80000001 0x4a82
>
>
>
> Output of "ospfctl show n" command is:
>
> r...@obsdintfw:~# ospfctl show n
> ID Pri State DeadTime Address Iface Uptime
>
> r...@obsdintfw:~#
>
>
> Output of "ospfctl show r" command is:
>
> r...@obsdfwint:~# ospfctl show r
> Destination Nexthop Path Type Type Cost Uptime
>
> r...@obsdfwint:~#
>
> Is this configuration correct? Why can't I establish my default routes with
> multipath using ospfd? Or am I wrong, and I can only use multipath+route to
> with pf.conf??
>
> Many thanks.
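
Added example, not part of the thread or of OpenBSD: a small sh/awk check over `ospfctl show database` output that counts LSAs from other routers and lists who originates the Type-5 default route. The function names are hypothetical, and the sample input is constructed from the LSDB rows posted above.

```shell
#!/bin/sh
# Added example (not from the thread). Both functions read
# `ospfctl show database` output on stdin. Function names are hypothetical.

# Count LSAs originated by us versus by any other router.
# $1 = local router-id. Prints "self=<n> foreign=<n>".
lsa_origins() {
    awk -v rid="$1" '
        # LSA rows: 5 fields, the first one a dotted-quad Link ID
        NF == 5 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            if ($2 == rid) self++; else foreign++
        }
        END { printf "self=%d foreign=%d\n", self, foreign }
    '
}

# Print the advertising router of every Type-5 default route (0.0.0.0).
default_originators() {
    awk '
        /^Type-5 AS External/ { ext = 1; next }   # entering the Type-5 section
        /Link States/         { ext = 0 }         # any other section header
        ext && NF == 5 && $1 == "0.0.0.0" { print $2 }
    '
}

# Constructed sample: the LSDB rows as posted in the message above.
sample_lsdb() {
    cat <<'EOF'
Router Link States (Area 0.0.0.0)

Link ID Adv Router Age Seq# Checksum
192.168.100.66 192.168.100.66 641 0x80000001 0x3bdc

Type-5 AS External Link States

Link ID Adv Router Age Seq# Checksum
0.0.0.0 192.168.100.66 641 0x80000001 0x11cf
172.25.50.0 192.168.100.66 641 0x80000001 0x3ccb
172.25.65.0 192.168.100.66 641 0x80000001 0xf6f1
172.25.85.0 192.168.100.66 641 0x80000001 0x4a82
EOF
}

sample_lsdb | lsa_origins 192.168.100.66
sample_lsdb | default_originators
```

A result of `foreign=0` with the local router-id as the only default originator means every LSA in the database is self-originated, which matches the empty neighbor table in the posted output.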