NAT Only Sort Of Working

I am having difficulty with NAT. I thought it would have been easy.

/etc/rc.conf
Code:
defaultrouter="192.168.64.1"
gateway_enable="YES"
ifconfig_igb0="inet 192.168.32.22 netmask 255.255.255.0"
ifconfig_igb0_alias0="inet 192.168.32.5 netmask 255.255.255.255"
ifconfig_igb0_alias1="inet 192.168.33.1 netmask 255.255.255.0"
ifconfig_igb0_alias2="inet 192.168.34.1 netmask 255.255.255.0"
ifconfig_igb0_alias3="inet 192.168.35.1 netmask 255.255.255.0"
ifconfig_aq0="inet 192.168.64.5 netmask 255.255.255.0"

/etc/pf.conf
Code:
nat on aq0 from "192.168.32.0/22" to any -> (aq0)

Other machines on the LAN use 192.168.32.5 as the default route. From them I can ping a few IPs on the internet, but most I cannot.

What am I doing wrong?
 
"192.168.32.0/22"
Wrong subnet mask.
Code:
ifconfig_igb0="inet 192.168.32.22 netmask 255.255.255.0"
ifconfig_igb0_alias0="inet 192.168.32.5 netmask 255.255.255.255"
ifconfig_igb0_alias1="inet 192.168.33.1 netmask 255.255.255.0"
ifconfig_igb0_alias2="inet 192.168.34.1 netmask 255.255.255.0"
ifconfig_igb0_alias3="inet 192.168.35.1 netmask 255.255.255.0"

You're trying to supernet here, which you shouldn't do. Supernetting can be done but it's really finicky and error-prone. Don't mix different subnets on the same interface. That's a recipe for disaster. The whole reason to split things up into different subnets is to limit broadcast domains, and here you're lumping them all together in the same broadcast domain.
 
I have changed it:
Code:
ifconfig_igb0="inet 192.168.32.22 netmask 255.255.252.0"
ifconfig_igb0_alias0="inet 192.168.32.5 netmask 255.255.255.255"
ifconfig_igb0_alias1="inet 192.168.33.1 netmask 255.255.255.255"
ifconfig_igb0_alias2="inet 192.168.34.1 netmask 255.255.255.255"
ifconfig_igb0_alias3="inet 192.168.35.1 netmask 255.255.255.255"

But the same results.

What else may I be doing wrong?
 
Did you reload pf.conf after changing the IP addresses?

Check with tcpdump(1) and see what's actually on the wire.
 
Code:
ifconfig_igb0="inet 192.168.32.22 netmask 255.255.252.0"
ifconfig_igb0_alias0="inet 192.168.32.5 netmask 255.255.255.255"

Code:
nat on aq0 from "192.168.32.0/24" to any -> (aq0)

Is that better? Or am I not allowed an alias?

Same results. From the machine next to it, 192.168.32.17, I can ping 1.1.1.1 and not 8.8.8.8.
 
I can ping 1.1.1.1 and not 8.8.8.8.
That sounds like a firewall rule blocking access. In any case, tcpdump(1) is the tool to use. Then you can actually "see" the packets (or not), instead of having to guess what's happening.
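An added example, not part of the thread: one way to act on the tcpdump(1) advice is to capture ICMP on both interfaces (`tcpdump -n -i igb0 icmp` and `tcpdump -n -i aq0 icmp`) and compare the two outputs to see how far each ping got. The captures below are constructed sample data, and `diagnose` is a hypothetical helper name; the addresses are the ones given in the thread.

```python
import re

# Matches lines printed by `tcpdump -n -i <if> icmp`.
LINE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply),")

def parse(capture):
    """Return the set of (src, dst, kind) tuples seen in a capture."""
    return {m.groups() for m in map(LINE.search, capture.splitlines()) if m}

def diagnose(lan_capture, wan_capture, client, nat_addr):
    """Classify each address the client pinged by how far the packet got."""
    lan, wan = parse(lan_capture), parse(wan_capture)
    verdicts = {}
    for src, dst, kind in sorted(lan):
        if src != client or kind != "request":
            continue
        if (dst, client, "reply") in lan:
            verdicts[dst] = "ok"
        elif (dst, nat_addr, "reply") in wan:
            verdicts[dst] = "reply arrived on WAN but never reached the client"
        elif (nat_addr, dst, "request") in wan:
            verdicts[dst] = "translated and sent, no reply came back"
        elif (client, dst, "request") in wan:
            verdicts[dst] = "left WAN untranslated, nat rule did not match"
        else:
            verdicts[dst] = "never appeared on WAN"
    return verdicts

# Constructed sample captures (not taken from the thread).
LAN = """\
12:00:01.000100 IP 192.168.32.17 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64
12:00:01.012300 IP 1.1.1.1 > 192.168.32.17: ICMP echo reply, id 7, seq 1, length 64
12:00:05.000200 IP 192.168.32.17 > 8.8.8.8: ICMP echo request, id 8, seq 1, length 64
"""
WAN = """\
12:00:01.000150 IP 192.168.64.5 > 1.1.1.1: ICMP echo request, id 7, seq 1, length 64
12:00:01.012250 IP 1.1.1.1 > 192.168.64.5: ICMP echo reply, id 7, seq 1, length 64
12:00:05.000250 IP 192.168.64.5 > 8.8.8.8: ICMP echo request, id 8, seq 1, length 64
"""

if __name__ == "__main__":
    for dst, verdict in diagnose(LAN, WAN, "192.168.32.17", "192.168.64.5").items():
        print(f"{dst}: {verdict}")
```

Each verdict points at a different layer: a request missing from the outside capture is a routing, filter or interface problem on the gateway, an untranslated source address is a nat rule that did not match, and a translated request with no reply is a problem beyond the gateway.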
 
I think I have sorted it out.

SirDice, I take on board what you were saying about supernetting.

Thank you for your help.

I have put in another network card and it all works wonders. I am using re0 instead of aq0.

Is if_atlantic only experimental? Is there another driver for Aquantia?
 
That looks very new and that "Development preview" tag doesn't bode well either.
 
Nice new Supermicro machine, and here I am tearing it apart and putting in cannibalised parts.

Maybe in a few months, the driver will improve and I can use it.

In the meantime, I am going to bed.
 