iantimothy

openbsd routing issue

Mar 2nd, 2018
  1. ┌──────────────┐ ┌──────────────────────┐ ┌───────────────┐
  2. │ comcast │ │ gateway │ │ workstation │
  3. │ 23.30.51.BBB │───────│ 23.30.51.AAA (em1) │───────│ 10.0.0.4 │
  4. │ │ │ 10.0.0.1 (em0) │ │ │
  5. └──────────────┘ └──────────────────────┘ └───────────────┘
  6.  
  7.  
  8. -------------------------------------------------- traceroute to www.apple.com on workstation
  9.  
  10. $ traceroute www.apple.com
  11. traceroute to e6858.dsce9.akamaiedge.net (23.2.47.133), 64 hops max, 52 byte packets
  12. 1 10.0.0.1 (10.0.0.1) 0.534 ms 0.410 ms 0.346 ms
  13. 2 * * *
  14. 3 * * *
  15. 4 10.0.0.1 (10.0.0.1) 0.454 ms !H 0.370 ms !H 0.376 ms !H
  16.  
  17.  
  18. -------------------------------------------------- traceroute to www.apple.com on gateway
  19.  
  20. # traceroute www.apple.com
  21. traceroute to e6858.dsce9.akamaiedge.net (23.2.47.133), 64 hops max, 40 byte packets
  22. 1 * * *
  23. 2 * * *
  24. traceroute: sendto: Host is down
  25. 3 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  26. *traceroute: sendto: Host is down
  27. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  28. *traceroute: sendto: Host is down
  29. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  30. *
  31. 4 * * *
  32. 5 * * *
  33. 6 * *traceroute: sendto: Host is down
  34. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  35. *
  36. traceroute: sendto: Host is down
  37. 7 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  38. *traceroute: sendto: Host is down
  39. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  40. * *
  41. 8 * * *
  42. 9 * *traceroute: sendto: Host is down
  43. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  44. *
  45. traceroute: sendto: Host is down
  46. 10 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  47. *traceroute: sendto: Host is down
  48. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  49. * *
  50. 11 * * *
  51. 12 * *traceroute: sendto: Host is down
  52. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  53. *
  54. traceroute: sendto: Host is down
  55. 13 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  56. *traceroute: sendto: Host is down
  57. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  58. * *
  59. 14 * * *
  60. 15 * *traceroute: sendto: Host is down
  61. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  62. *
  63. traceroute: sendto: Host is down
  64. 16 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  65. *traceroute: sendto: Host is down
  66. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  67. * *
  68. 17 * * *
  69. 18 * *traceroute: sendto: Host is down
  70. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  71. *
  72. traceroute: sendto: Host is down
  73. 19 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  74. *traceroute: sendto: Host is down
  75. traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
  76. *^C
  77.  
  78.  
  79. -------------------------------------------------- traceroute to openbsd.org on workstation
  80.  
  81. $ traceroute openbsd.org
  82. traceroute to openbsd.org (129.128.5.194), 64 hops max, 52 byte packets
  83. 1 10.0.0.1 (10.0.0.1) 0.618 ms 0.346 ms 0.341 ms
  84. 2 23-30-51-BBB-static.hfc.comcastbusiness.net (23.30.51.BBB) 0.484 ms 0.477 ms 0.473 ms
  85. 3 96.120.96.29 (96.120.96.29) 8.534 ms 7.113 ms 7.731 ms
  86. 4 po-114-rur201.saltlakecity.ut.utah.comcast.net (162.151.39.25) 8.304 ms 8.558 ms 7.076 ms
  87. 5 be-2-ar01.saltlakecity.ut.utah.comcast.net (69.139.231.85) 19.201 ms 8.486 ms 11.710 ms
  88. 6 be-33660-cr02.denver.co.ibone.comcast.net (68.86.90.225) 26.080 ms 56.162 ms 57.898 ms
  89. 7 be-11724-cr02.dallas.tx.ibone.comcast.net (68.86.84.230) 34.313 ms 38.321 ms 34.319 ms
  90. 8 be-12495-pe03.1950stemmons.tx.ibone.comcast.net (68.86.85.194) 33.846 ms 33.584 ms 33.036 ms
  91. 9 50.248.117.6 (50.248.117.6) 35.474 ms 35.658 ms 39.687 ms
  92. 10 100ge12-2.core1.mci3.he.net (184.105.81.205) 52.641 ms 63.569 ms 50.444 ms
  93. 11 100ge9-2.core1.oma1.he.net (184.105.65.166) 52.396 ms 58.207 ms 57.415 ms
  94. 12 100ge8-1.core1.blp1.he.net (184.105.65.98) 53.228 ms 50.355 ms 52.272 ms
  95. 13 100ge8-2.core1.msp1.he.net (184.105.64.97) 83.555 ms 61.255 ms 52.033 ms
  96. 14 100ge10-1.core1.ywg1.he.net (184.105.64.86) 63.291 ms 63.219 ms 69.655 ms
  97. 15 10ge3-1.core1.yxe1.he.net (184.105.81.142) 69.614 ms 69.758 ms 68.824 ms
  98. 16 10ge2-1.core1.yeg1.he.net (184.105.81.146) 70.364 ms 70.983 ms 66.476 ms
  99. 17 university-of-alberta-sms.10gigabitethernet2-2.core1.yeg1.he.net (184.105.18.50) 72.018 ms 71.187 ms 70.669 ms
  100. 18 cabcore-esqgw.corenet.ualberta.ca (129.128.255.35) 71.070 ms 70.712 ms 70.959 ms
  101. 19 echadcn7k-cabcore.corenet.ualberta.ca (129.128.0.117) 70.718 ms 71.709 ms 71.652 ms
  102. 20 obsd3.srv.ualberta.ca (129.128.5.194) 70.947 ms 71.848 ms 70.541 ms
  103.  
  104.  
  105. -------------------------------------------------- traceroute to openbsd.org on gateway
  106.  
  107. # traceroute openbsd.org
  108. traceroute to openbsd.org (129.128.5.194), 64 hops max, 40 byte packets
  109. 1 23-30-51-BBB-static.hfc.comcastbusiness.net (23.30.51.BBB) 0.379 ms 0.172 ms 0.17 ms
  110. 2 96.120.96.29 (96.120.96.29) 9.518 ms 9.466 ms 7.477 ms
  111. 3 po-114-rur201.saltlakecity.ut.utah.comcast.net (162.151.39.25) 7.31 ms 7.569 ms 8.522 ms
  112. 4 be-2-ar01.saltlakecity.ut.utah.comcast.net (69.139.231.85) 7.924 ms 7.931 ms 7.759 ms
  113. 5 be-33660-cr02.denver.co.ibone.comcast.net (68.86.90.225) 19.648 ms 20.628 ms 20.532 ms
  114. 6 be-11724-cr02.dallas.tx.ibone.comcast.net (68.86.84.230) 34.11 ms 34.014 ms 33.783 ms
  115. 7 be-12495-pe03.1950stemmons.tx.ibone.comcast.net (68.86.85.194) 33.121 ms 33.09 ms 32.289 ms
  116. 8 50.248.117.6 (50.248.117.6) 35.311 ms 32.96 ms 40.489 ms
  117. 9 100ge12-2.core1.mci3.he.net (184.105.81.205) 53.725 ms 51.921 ms 48.111 ms
  118. 10 100ge9-2.core1.oma1.he.net (184.105.65.166) 51.886 ms 52.528 ms 51.832 ms
  119. 11 100ge8-1.core1.blp1.he.net (184.105.65.98) 51.354 ms 51.606 ms 51.59 ms
  120. 12 100ge8-2.core1.msp1.he.net (184.105.64.97) 52.284 ms 62.4 ms 52.947 ms
  121. 13 100ge10-1.core1.ywg1.he.net (184.105.64.86) 60.818 ms 59.514 ms 65.272 ms
  122. 14 10ge3-1.core1.yxe1.he.net (184.105.81.142) 68.768 ms 68.6 ms 73.546 ms
  123. 15 10ge2-1.core1.yeg1.he.net (184.105.81.146) 69.846 ms 69.449 ms 69.868 ms
  124. 16 university-of-alberta-sms.10gigabitethernet2-2.core1.yeg1.he.net (184.105.18.50) 70.223 ms 70.434 ms 70.198 ms
  125. 17 cabcore-esqgw.corenet.ualberta.ca (129.128.255.35) 70.301 ms 71.136 ms 71.487 ms
  126. 18 echadcn7k-cabcore.corenet.ualberta.ca (129.128.0.117) 70.601 ms 70.27 ms 70.674 ms
  127. 19 obsd3.srv.ualberta.ca (129.128.5.194) 70.243 ms 70.414 ms 70.102 ms
  128.  
  129.  
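  130. -------------------------------------------------- ifconfig (note: the 23.30.51.CCC alias on em1 carries a /8 netmask, so 23/8 appears as a directly connected route in the route table below and destinations such as 23.2.47.133 are treated as on-link instead of being sent to the default gateway)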
  131.  
  132. # ifconfig -A
  133. lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
  134. index 5 priority 0 llprio 3
  135. groups: lo
  136. inet6 ::1 prefixlen 128
  137. inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
  138. inet 127.0.0.1 netmask 0xff000000
  139. em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  140. lladdr 68:05:ca:41:ab:45
  141. index 1 priority 0 llprio 3
  142. media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
  143. status: active
  144. inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
  145. em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  146. lladdr 00:1c:c0:c8:7b:fb
  147. index 2 priority 0 llprio 3
  148. groups: egress
  149. media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
  150. status: active
  151. inet 23.30.51.BBB netmask 0xfffffff8 broadcast 23.30.51.135
  152. inet 23.30.51.CCC netmask 0xff000000 broadcast 23.255.255.255
  153. em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
  154. lladdr 68:05:ca:01:81:70
  155. index 3 priority 0 llprio 3
  156. media: Ethernet autoselect (none)
  157. status: no carrier
  158. enc0: flags=0<>
  159. index 4 priority 0 llprio 3
  160. groups: enc
  161. status: active
  162. pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33172
  163. index 6 priority 0 llprio 3
  164. groups: pflog
  165.  
  166.  
  167. -------------------------------------------------- route table
  168.  
  169. # route -n show
  170. Routing tables
  171.  
  172. Internet:
  173. Destination Gateway Flags Refs Use Mtu Prio Iface
  174. default 23.30.51.BBB UGS 1478 78824401 - 8 em1
  175. 224/4 127.0.0.1 URS 0 24555 32768 8 lo0
  176. 10/8 10.0.0.1 UCn 30 286794 - 4 em0
  177. 10.0.0.1 68:05:ca:41:ab:45 UHLl 0 398742 - 1 em0
  178. 10.0.0.2 e8:06:88:ca:2c:89 UHLc 0 31426761 - 3 em0
  179. 10.0.0.3 00:0c:29:df:4b:24 UHLc 0 4620936 - 3 em0
  180. 10.0.0.4 00:25:00:f4:df:74 UHLc 1 1131140 - 3 em0
  181. 10.0.0.6 00:25:90:0d:1f:2b UHLc 0 53813 - 3 em0
  182. 10.0.0.7 a4:bf:01:0e:5a:82 UHLc 0 467144 - 3 em0
  183. 10.0.0.8 08:00:06:70:e6:88 UHLc 0 279622 - 3 em0
  184. 10.0.0.11 00:15:17:fd:c5:28 UHLc 0 148492 - 3 em0
  185. 10.0.0.18 00:15:17:26:66:ac UHLc 0 15678 - 3 em0
  186. 10.0.0.34 00:50:c2:47:8a:f3 UHLc 0 97799 - 3 em0
  187. 10.0.0.102 00:1f:f3:c9:07:22 UHLc 0 266047 - 3 em0
  188. 10.0.0.105 00:1e:52:88:2e:eb UHLc 0 675107 - 3 em0
  189. 10.0.0.111 88:6b:6e:e9:7d:a2 UHLc 0 285736 - 3 em0
  190. 10.0.0.112 00:3e:e1:c3:50:82 UHLc 0 268394 - 3 em0
  191. 10.0.0.118 00:0c:29:0b:ea:07 UHLc 0 282754 - 3 em0
  192. 10.0.0.119 38:c9:86:0a:8e:c4 UHLc 0 2173883 - 3 em0
  193. 10.0.0.126 00:13:20:d3:1c:0e UHLc 0 55388 - 3 em0
  194. 10.0.0.140 d8:30:62:49:8a:38 UHLc 0 272489 - 3 em0
  195. 10.0.0.144 00:03:ea:11:3c:ab UHLc 0 98439 - 3 em0
  196. 10.0.0.147 00:30:18:c9:44:db UHLc 0 196593 - 3 em0
  197. 10.0.0.148 00:1f:f3:c9:07:22 UHLc 0 268643 - 3 em0
  198. 10.0.0.149 f0:9f:c2:7f:bb:08 UHLc 0 3877 - 3 em0
  199. 10.0.0.151 f0:9f:c2:7f:26:c7 UHLc 0 3881 - 3 em0
  200. 10.0.0.158 78:8a:20:fa:8d:15 UHLc 1 13231 - 3 em0
  201. 10.0.0.159 3c:07:54:5b:83:97 UHLc 0 267368 - 3 em0
  202. 10.0.0.161 78:8a:20:47:ee:c9 UHLc 0 3637 - 3 em0
  203. 10.0.0.166 34:68:95:43:60:6d UHLc 0 203883 - 3 em0
  204. 10.0.0.176 00:23:df:fd:7d:28 UHLc 0 1109454 - 3 em0
  205. 10.0.0.177 00:07:e9:2f:5a:43 UHLc 0 13899 - 3 em0
  206. 10.0.0.179 90:72:40:08:52:aa UHLc 0 285996 - 3 em0
  207. 10.0.0.255 link#1 UHLc 0 286789 - 3 em0
  208. 10.255.255.255 10.0.0.1 UHb 0 27172 - 1 em0
  209. 23/8 23.30.51.CCC UCn 2 5 - 4 em1
  210. 23.2.168.6 link#2 UHRLc 0 15 - 3 em1
  211. 23.30.51.EEE/29 23.30.51.AAA UCn 1 31897 - 4 em1
  212. 23.30.51.AAA 00:1c:c0:c8:7b:fb UHLl 0 430651 - 1 em1
  213. 23.30.51.CCC 00:1c:c0:c8:7b:fb UHLl 0 1545 - 1 em1
  214. 23.30.51.BBB 6c:b0:ce:60:77:fb UHLch 2 53257 - 3 em1
  215. 23.30.51.DDD 23.30.51.AAA UHb 0 7866 - 1 em1
  216. 23.111.152.74 link#2 UHLc 0 6 - 3 em1
  217. 23.255.255.255 23.30.51.CCC UHb 0 0 - 1 em1
  218. 123.183.209.137 23.30.51.BBB UGHD 2 78822691 - L 8 em1
  219. 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
  220. 127.0.0.1 127.0.0.1 UHhl 1 106 32768 1 lo0
  221.  
  222. Internet6:
  223. Destination Gateway Flags Refs Use Mtu Prio Iface
  224. ::/96 ::1 UGRS 0 0 32768 8 lo0
  225. ::/104 ::1 UGRS 0 0 32768 8 lo0
  226. ::1 ::1 UHhl 14 28 32768 1 lo0
  227. ::127.0.0.0/104 ::1 UGRS 0 0 32768 8 lo0
  228. ::224.0.0.0/100 ::1 UGRS 0 0 32768 8 lo0
  229. ::255.0.0.0/104 ::1 UGRS 0 0 32768 8 lo0
  230. ::ffff:0.0.0.0/96 ::1 UGRS 0 0 32768 8 lo0
  231. 2002::/24 ::1 UGRS 0 0 32768 8 lo0
  232. 2002:7f00::/24 ::1 UGRS 0 0 32768 8 lo0
  233. 2002:e000::/20 ::1 UGRS 0 0 32768 8 lo0
  234. 2002:ff00::/24 ::1 UGRS 0 0 32768 8 lo0
  235. fe80::/10 ::1 UGRS 0 0 32768 8 lo0
  236. fec0::/10 ::1 UGRS 0 0 32768 8 lo0
  237. fe80::1%lo0 fe80::1%lo0 UHl 0 0 32768 1 lo0
  238. ff01::/16 ::1 UGRS 0 0 32768 8 lo0
  239. ff01::%lo0/32 ::1 Um 0 1 32768 4 lo0
  240. ff02::/16 ::1 UGRS 0 0 32768 8 lo0
  241. ff02::%lo0/32 ::1 Um 0 1 32768 4 lo0
  242.  
  243.  
  244. -------------------------------------------------- /etc/mygate
  245.  
  246. # cat /etc/mygate
  247. 23.30.51.BBB
  248.  
  249.  
  250. -------------------------------------------------- /etc/pf.conf
  251.  
  252. int_if = "em0"
  253.  
  254. cable_if = "em1"
  255. cable_gw = "23.30.51.BBB"
  256.  
  257. ext_if = "{" $cable_if "}"
  258.  
  259. gateway_ip_ext = "{ 23.30.51.AAA }"
  260. gateway_ip_int = "{ 10.0.0.1 }"
  261.  
  262. set skip on lo
  263.  
  264. block return # default deny: reject whatever no later rule passes
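  265. pass # passes everything, in and out, on all interfaces (state is kept by default); pf is last-match, so this overrides the block above -- inbound on $cable_if should be restricted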
  266.  
  267. # outgoing
  268. pass out log on $cable_if from $int_if:network to any nat-to $gateway_ip_ext
  269.  
  270.  
  271. -------------------------------------------------- pf rules
  272.  
  273. # pfctl -s rules
  274. block return all
  275. pass all flags S/SA
  276. pass out log on em1 inet from 10.0.0.0/8 to any flags S/SA nat-to 23.30.51.AAA
  277.  
  278.  
  279. -------------------------------------------------- /etc/sysctl.conf
  280.  
  281. net.inet.ip.forwarding=1
  282. net.inet6.ip6.forwarding=1