Saturday, April 01, 2023

Fwd: Understanding PF behavior

Well... somehow I managed to get inter rdomain forwarding.


I have no idea how...?????


I think things started to work when I changed this statement in PF:
    block log on rdomain 0
(previously it was just: block log)


Right now I can only communicate between rdomain 2 and rdomain 0.


I moved my ISP-B interface onto rdomain 3 and now can't ping the public
IP address either from domain 2 or domain 0


I did take a snapshot of the routing tables for each domain and of
course pf.conf is unaltered but I should back it up and transfer it locally.


Like I wrote previously about using 'tcpdump enipflog'... the rule
numbers don't make any sense at all to me. I don't understand why I keep
seeing "rule 1" for just about all traffic. - It's definitely strange??
Perhaps my pf.conf file is totally messed up as far as rules go? I am
not sure. It would be really nice to see the matched evaluation numbers
from: pfctl -vv -sr

so something like 'rule 1183' or so....


Currently I am seriously thinking about just spending $$$ and buying a
Cisco router with 3x interfaces to use as a multi WAN gateway, though
it's probably more out of frustration than anything else. I'm sure it is
possible to get working in OpenBSD as Stu has said already but not
making any headway or little headway after so long is well.... grrrrr lol


I guess right now my goal is just to be able to ping the ISP-B interface
from rdomain 2. If I can manage that I should have a better path
forward. Really what I do need is a test box... something with 2x or 3x
physical interfaces that won't cause my whole system to stop working by
starting with a clean pf.conf file. That said, the SuperMicro uATX box
I have doesn't work either :-( as it's started clicking so no idea where
the fault is? M/B or PSU?? More headache :-(


Too much crap on my shoulders right now also with 5x HDD failures and a
15 year old Cisco WLC system which is flaky to connect to meaning that
more often than not 802.11 devices are not connected. I really wish I
could just upgrade to a nice Gen6 system sigh.....


What a frustrating way to spend a Saturday evening but I guess it won't
get any better.... so bla :-(


Anyway will keep trying to solve this darn riddle
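On the "rule 1" question above: the number tcpdump prints for a pflog packet is the index of the rule that made the final decision, and that index is the same @N shown at the front of each rule in pfctl -vv -sr. Because PF is last-match-wins (unless a rule says quick), seeing "rule 1" for nearly everything means @1 was the last rule that matched all that traffic, which is what happens when a broad block log rule sits near the top and nothing later passes the packets. The script below is an added example, not part of the original post or of OpenBSD; it works on constructed sample output (both the pfctl ruleset and the pflog lines are made up here) and shows how to tie a pflog rule number back to the rule text and its evaluation/packet counters.

```shell
#!/bin/sh
# Constructed sample of `pfctl -vv -sr` output (not from the original post).
# Each rule is prefixed with @N; that N is the number pflog reports.
PFCTL_RULES='@0 block drop log all
  [ Evaluations: 1500      Packets: 42        Bytes: 2520        States: 0     ]
  [ Inserted: uid 0 pid 7 State Creations: 0     ]
@1 block drop log on rdomain 0 all
  [ Evaluations: 1500      Packets: 1300      Bytes: 98000       States: 0     ]
  [ Inserted: uid 0 pid 7 State Creations: 0     ]
@2 pass out quick on em0 inet all flags S/SA
  [ Evaluations: 200       Packets: 190       Bytes: 15200       States: 3     ]
  [ Inserted: uid 0 pid 7 State Creations: 3     ]'

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output
# (addresses are documentation ranges, interface names are assumed).
PFLOG_LINES='00:00:00.000000 rule 1/(match) block in on em1: 10.0.2.5 > 198.51.100.10: icmp: echo request
00:00:00.000512 rule 1/(match) block in on em1: 10.0.2.5 > 198.51.100.10: icmp: echo request
00:00:00.001000 rule 2/(match) pass out on em0: 192.0.2.1.54321 > 198.51.100.20.443: S 1:1(0)'

# Print the rule text for main-ruleset rule number $1 (the @N index).
rule_text() {
    printf '%s\n' "$PFCTL_RULES" |
        awk -v n="$1" '$1 == ("@" n) { sub(/^@[0-9]+ /, ""); print; exit }'
}

# Print the Evaluations/Packets counters that follow rule $1.
rule_counters() {
    printf '%s\n' "$PFCTL_RULES" | awk -v n="$1" '
        $1 == ("@" n) { want = 1; next }
        want && /Evaluations:/ { printf "evaluations=%s packets=%s\n", $3, $5; exit }'
}

# Count how many logged packets pflog attributed to rule $1.
pflog_hits() {
    printf '%s\n' "$PFLOG_LINES" |
        awk -v n="$1" '$2 == "rule" && $3 == (n "/(match)") { c++ } END { print c + 0 }'
}

# One line per distinct rule number seen in the log, joined to the ruleset.
report() {
    printf '%s\n' "$PFLOG_LINES" |
        awk '$2 == "rule" { split($3, a, "/"); print a[1] }' | sort -u |
        while read -r n; do
            printf 'rule %s (%s logged): %s [%s]\n' \
                "$n" "$(pflog_hits "$n")" "$(rule_text "$n")" "$(rule_counters "$n")"
        done
}

report
```

Against a live box you would replace the two variables with `pfctl -vv -sr` and a saved `tcpdump -n -e -ttt -r /var/log/pflog` run; the awk patterns only depend on the @N prefix and the "rule N/(match)" token. Rules loaded inside anchors are numbered within their anchor and tcpdump prints the anchor name alongside the number, so this lookup is only meaningful for the main ruleset.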
