Re: Routed issue.. I think

[Todd Boyer <TBoyer@smcteam.com>]

Start in pf.conf:

pass inet from 192.168.0.0/24 to 192.168.150.0/24
pass inet from 192.168.150.0/24 to 192.168.0.0/24

Make sure no other block rules (quick) prevent traffic from either network
from passing

Set the same in the netgear appliance

-Todd

-----Original Message-----
From: Derrick MacPherson [mailto:dmacpher@vfs.com]
Sent: Friday, September 19, 2003 10:53 AM
To: misc@openbsd.org
Subject: Routed issue.. I think


Location A 
Openbsd 3.2 firewall 
$if_ext a.a.a.a
$if_int 192.168.150.x

Location B
Netgear router
$if_ext2 b.b.b.b
$if_int2 192.168.0.1

I have got a VPN working, I assume as I can from the bsd firewall I can ping
internall address's of Location B. My problem is that I can't see out to the
VPN to the other side, if I try to ping from internal network A it fails:

(monolith - 192.168.150.x)

monolith 1# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2): 56 data bytes
36 bytes from mfwvgate.mercuryfilmworks.com (192.168.150.254): Destination
Host Unreachable for icmp_seq=0
36 bytes from mfwvgate.mercuryfilmworks.com (192.168.150.254): Destination
Host Unreachable for icmp_seq=1

Routed is not running, and I am not sure if it needs to be, or if I should
be adding a static route via 'route add net'. I also am unsure if I need to
set something in PF to allow through. 

When I do netstat -rn:


Encap:
Source             Port  Destination        Port  Proto
SA(Address/Proto/Type/Direction)
192.168.0/24       0     a.a.a.a/32  0     0     b.b.b.b/50/use/in
A.a.a.a/32  0     192.168.0/24       0     0     b.b.b.b/50/require/out

Does that look OK?

Any suggestions?