
The problem I'm experiencing is that access to some Internet sites works fine and others time out. For example, traceroute to www.apple.com is broken, whereas openbsd.org is fine.
┌──────────────┐       ┌──────────────────────┐       ┌───────────────┐
│   comcast    │       │       gateway        │       │  workstation  │
│ 23.30.51.BBB │───────│ 23.30.51.AAA (en1)   │───────│ 10.0.0.4      │
│              │       │ 10.0.0.1 (en0)       │       │               │
└──────────────┘       └──────────────────────┘       └───────────────┘
-------------------------------------------------- traceroute to www.apple.com on workstation
$ traceroute www.apple.com
traceroute to e6858.dsce9.akamaiedge.net (23.2.47.133), 64 hops max, 52 byte packets
1 10.0.0.1 (10.0.0.1) 0.534 ms 0.410 ms 0.346 ms
2 * * *
3 * * *
4 10.0.0.1 (10.0.0.1) 0.454 ms !H 0.370 ms !H 0.376 ms !H
-------------------------------------------------- traceroute to www.apple.com on gateway
# traceroute www.apple.com
traceroute to e6858.dsce9.akamaiedge.net (23.2.47.133), 64 hops max, 40 byte packets
1 * * *
2 * * *
traceroute: sendto: Host is down
3 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*
4 * * *
5 * * *
6 * *traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*
traceroute: sendto: Host is down
7 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
* *
8 * * *
9 * *traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*
traceroute: sendto: Host is down
10 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
* *
11 * * *
12 * *traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*
traceroute: sendto: Host is down
13 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
* *
14 * * *
15 * *traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*
traceroute: sendto: Host is down
16 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
* *
17 * * *
18 * *traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*
traceroute: sendto: Host is down
19 traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*traceroute: sendto: Host is down
traceroute: wrote e6858.dsce9.akamaiedge.net 40 chars, ret=-1
*^C
-------------------------------------------------- traceroute to openbsd.org on workstation
$ traceroute openbsd.org
traceroute to openbsd.org (129.128.5.194), 64 hops max, 52 byte packets
1 10.0.0.1 (10.0.0.1) 0.618 ms 0.346 ms 0.341 ms
2 23-30-51-BBB-static.hfc.comcastbusiness.net (23.30.51.BBB) 0.484 ms 0.477 ms 0.473 ms
3 96.120.96.29 (96.120.96.29) 8.534 ms 7.113 ms 7.731 ms
4 po-114-rur201.saltlakecity.ut.utah.comcast.net (162.151.39.25) 8.304 ms 8.558 ms 7.076 ms
5 be-2-ar01.saltlakecity.ut.utah.comcast.net (69.139.231.85) 19.201 ms 8.486 ms 11.710 ms
6 be-33660-cr02.denver.co.ibone.comcast.net (68.86.90.225) 26.080 ms 56.162 ms 57.898 ms
7 be-11724-cr02.dallas.tx.ibone.comcast.net (68.86.84.230) 34.313 ms 38.321 ms 34.319 ms
8 be-12495-pe03.1950stemmons.tx.ibone.comcast.net (68.86.85.194) 33.846 ms 33.584 ms 33.036 ms
9 50.248.117.6 (50.248.117.6) 35.474 ms 35.658 ms 39.687 ms
10 100ge12-2.core1.mci3.he.net (184.105.81.205) 52.641 ms 63.569 ms 50.444 ms
11 100ge9-2.core1.oma1.he.net (184.105.65.166) 52.396 ms 58.207 ms 57.415 ms
12 100ge8-1.core1.blp1.he.net (184.105.65.98) 53.228 ms 50.355 ms 52.272 ms
13 100ge8-2.core1.msp1.he.net (184.105.64.97) 83.555 ms 61.255 ms 52.033 ms
14 100ge10-1.core1.ywg1.he.net (184.105.64.86) 63.291 ms 63.219 ms 69.655 ms
15 10ge3-1.core1.yxe1.he.net (184.105.81.142) 69.614 ms 69.758 ms 68.824 ms
16 10ge2-1.core1.yeg1.he.net (184.105.81.146) 70.364 ms 70.983 ms 66.476 ms
17 university-of-alberta-sms.10gigabitethernet2-2.core1.yeg1.he.net (184.105.18.50) 72.018 ms 71.187 ms 70.669 ms
18 cabcore-esqgw.corenet.ualberta.ca (129.128.255.35) 71.070 ms 70.712 ms 70.959 ms
19 echadcn7k-cabcore.corenet.ualberta.ca (129.128.0.117) 70.718 ms 71.709 ms 71.652 ms
20 obsd3.srv.ualberta.ca (129.128.5.194) 70.947 ms 71.848 ms 70.541 ms
-------------------------------------------------- traceroute to openbsd.org on gateway
# traceroute openbsd.org
traceroute to openbsd.org (129.128.5.194), 64 hops max, 40 byte packets
1 23-30-51-BBB-static.hfc.comcastbusiness.net (23.30.51.BBB) 0.379 ms 0.172 ms 0.17 ms
2 96.120.96.29 (96.120.96.29) 9.518 ms 9.466 ms 7.477 ms
3 po-114-rur201.saltlakecity.ut.utah.comcast.net (162.151.39.25) 7.31 ms 7.569 ms 8.522 ms
4 be-2-ar01.saltlakecity.ut.utah.comcast.net (69.139.231.85) 7.924 ms 7.931 ms 7.759 ms
5 be-33660-cr02.denver.co.ibone.comcast.net (68.86.90.225) 19.648 ms 20.628 ms 20.532 ms
6 be-11724-cr02.dallas.tx.ibone.comcast.net (68.86.84.230) 34.11 ms 34.014 ms 33.783 ms
7 be-12495-pe03.1950stemmons.tx.ibone.comcast.net (68.86.85.194) 33.121 ms 33.09 ms 32.289 ms
8 50.248.117.6 (50.248.117.6) 35.311 ms 32.96 ms 40.489 ms
9 100ge12-2.core1.mci3.he.net (184.105.81.205) 53.725 ms 51.921 ms 48.111 ms
10 100ge9-2.core1.oma1.he.net (184.105.65.166) 51.886 ms 52.528 ms 51.832 ms
11 100ge8-1.core1.blp1.he.net (184.105.65.98) 51.354 ms 51.606 ms 51.59 ms
12 100ge8-2.core1.msp1.he.net (184.105.64.97) 52.284 ms 62.4 ms 52.947 ms
13 100ge10-1.core1.ywg1.he.net (184.105.64.86) 60.818 ms 59.514 ms 65.272 ms
14 10ge3-1.core1.yxe1.he.net (184.105.81.142) 68.768 ms 68.6 ms 73.546 ms
15 10ge2-1.core1.yeg1.he.net (184.105.81.146) 69.846 ms 69.449 ms 69.868 ms
16 university-of-alberta-sms.10gigabitethernet2-2.core1.yeg1.he.net (184.105.18.50) 70.223 ms 70.434 ms 70.198 ms
17 cabcore-esqgw.corenet.ualberta.ca (129.128.255.35) 70.301 ms 71.136 ms 71.487 ms
18 echadcn7k-cabcore.corenet.ualberta.ca (129.128.0.117) 70.601 ms 70.27 ms 70.674 ms
19 obsd3.srv.ualberta.ca (129.128.5.194) 70.243 ms 70.414 ms 70.102 ms
-------------------------------------------------- ifconfig
# ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
index 5 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 68:05:ca:41:ab:45
index 1 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:1c:c0:c8:7b:fb
index 2 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 23.30.51.BBB netmask 0xfffffff8 broadcast 23.30.51.135
inet 23.30.51.CCC netmask 0xff000000 broadcast 23.255.255.255
em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 68:05:ca:01:81:70
index 3 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0<>
index 4 priority 0 llprio 3
groups: enc
status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33172
index 6 priority 0 llprio 3
groups: pflog
-------------------------------------------------- route table
# route -n show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 23.30.51.BBB UGS 1478 78824401 - 8 em1
224/4 127.0.0.1 URS 0 24555 32768 8 lo0
10/8 10.0.0.1 UCn 30 286794 - 4 em0
10.0.0.1 68:05:ca:41:ab:45 UHLl 0 398742 - 1 em0
10.0.0.2 e8:06:88:ca:2c:89 UHLc 0 31426761 - 3 em0
10.0.0.3 00:0c:29:df:4b:24 UHLc 0 4620936 - 3 em0
10.0.0.4 00:25:00:f4:df:74 UHLc 1 1131140 - 3 em0
10.0.0.6 00:25:90:0d:1f:2b UHLc 0 53813 - 3 em0
10.0.0.7 a4:bf:01:0e:5a:82 UHLc 0 467144 - 3 em0
10.0.0.8 08:00:06:70:e6:88 UHLc 0 279622 - 3 em0
10.0.0.11 00:15:17:fd:c5:28 UHLc 0 148492 - 3 em0
10.0.0.18 00:15:17:26:66:ac UHLc 0 15678 - 3 em0
10.0.0.34 00:50:c2:47:8a:f3 UHLc 0 97799 - 3 em0
10.0.0.102 00:1f:f3:c9:07:22 UHLc 0 266047 - 3 em0
10.0.0.105 00:1e:52:88:2e:eb UHLc 0 675107 - 3 em0
10.0.0.111 88:6b:6e:e9:7d:a2 UHLc 0 285736 - 3 em0
10.0.0.112 00:3e:e1:c3:50:82 UHLc 0 268394 - 3 em0
10.0.0.118 00:0c:29:0b:ea:07 UHLc 0 282754 - 3 em0
10.0.0.119 38:c9:86:0a:8e:c4 UHLc 0 2173883 - 3 em0
10.0.0.126 00:13:20:d3:1c:0e UHLc 0 55388 - 3 em0
10.0.0.140 d8:30:62:49:8a:38 UHLc 0 272489 - 3 em0
10.0.0.144 00:03:ea:11:3c:ab UHLc 0 98439 - 3 em0
10.0.0.147 00:30:18:c9:44:db UHLc 0 196593 - 3 em0
10.0.0.148 00:1f:f3:c9:07:22 UHLc 0 268643 - 3 em0
10.0.0.149 f0:9f:c2:7f:bb:08 UHLc 0 3877 - 3 em0
10.0.0.151 f0:9f:c2:7f:26:c7 UHLc 0 3881 - 3 em0
10.0.0.158 78:8a:20:fa:8d:15 UHLc 1 13231 - 3 em0
10.0.0.159 3c:07:54:5b:83:97 UHLc 0 267368 - 3 em0
10.0.0.161 78:8a:20:47:ee:c9 UHLc 0 3637 - 3 em0
10.0.0.166 34:68:95:43:60:6d UHLc 0 203883 - 3 em0
10.0.0.176 00:23:df:fd:7d:28 UHLc 0 1109454 - 3 em0
10.0.0.177 00:07:e9:2f:5a:43 UHLc 0 13899 - 3 em0
10.0.0.179 90:72:40:08:52:aa UHLc 0 285996 - 3 em0
10.0.0.255 link#1 UHLc 0 286789 - 3 em0
10.255.255.255 10.0.0.1 UHb 0 27172 - 1 em0
23/8 23.30.51.CCC UCn 2 5 - 4 em1
23.2.168.6 link#2 UHRLc 0 15 - 3 em1
23.30.51.EEE/29 23.30.51.AAA UCn 1 31897 - 4 em1
23.30.51.AAA 00:1c:c0:c8:7b:fb UHLl 0 430651 - 1 em1
23.30.51.CCC 00:1c:c0:c8:7b:fb UHLl 0 1545 - 1 em1
23.30.51.BBB 6c:b0:ce:60:77:fb UHLch 2 53257 - 3 em1
23.30.51.DDD 23.30.51.AAA UHb 0 7866 - 1 em1
23.111.152.74 link#2 UHLc 0 6 - 3 em1
23.255.255.255 23.30.51.CCC UHb 0 0 - 1 em1
123.183.209.137 23.30.51.BBB UGHD 2 78822691 - L 8 em1
127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 1 106 32768 1 lo0
Internet6:
Destination Gateway Flags Refs Use Mtu Prio Iface
::/96 ::1 UGRS 0 0 32768 8 lo0
::/104 ::1 UGRS 0 0 32768 8 lo0
::1 ::1 UHhl 14 28 32768 1 lo0
::127.0.0.0/104 ::1 UGRS 0 0 32768 8 lo0
::224.0.0.0/100 ::1 UGRS 0 0 32768 8 lo0
::255.0.0.0/104 ::1 UGRS 0 0 32768 8 lo0
::ffff:0.0.0.0/96 ::1 UGRS 0 0 32768 8 lo0
2002::/24 ::1 UGRS 0 0 32768 8 lo0
2002:7f00::/24 ::1 UGRS 0 0 32768 8 lo0
2002:e000::/20 ::1 UGRS 0 0 32768 8 lo0
2002:ff00::/24 ::1 UGRS 0 0 32768 8 lo0
fe80::/10 ::1 UGRS 0 0 32768 8 lo0
fec0::/10 ::1 UGRS 0 0 32768 8 lo0
fe80::1%lo0 fe80::1%lo0 UHl 0 0 32768 1 lo0
ff01::/16 ::1 UGRS 0 0 32768 8 lo0
ff01::%lo0/32 ::1 Um 0 1 32768 4 lo0
ff02::/16 ::1 UGRS 0 0 32768 8 lo0
ff02::%lo0/32 ::1 Um 0 1 32768 4 lo0
-------------------------------------------------- /etc/mygate
# cat /etc/mygate
23.30.51.BBB
-------------------------------------------------- /etc/pf.conf
int_if = "em0"
cable_if = "em1"
cable_gw = "23.30.51.BBB"
ext_if = "{" $cable_if "}"
gateway_ip_ext = "{ 23.30.51.AAA }"
gateway_ip_int = "{ 10.0.0.1 }"
set skip on lo
block return # block stateless traffic
pass # establish keep-state
# outgoing
pass out log on $cable_if from $int_if:network to any nat-to $gateway_ip_ext
-------------------------------------------------- pf rules
# pfctl -s rules
block return all
pass all flags S/SA
pass out log on em1 inet from 10.0.0.0/8 to any flags S/SA nat-to 23.30.51.AAA
-------------------------------------------------- /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
Answer 1
The netmask of the IP alias 23.30.51.CCC is too large. It should be 255.255.255.255.
Answer 2
The netmask of the IP 23.30.51.CCC must be the same as that of 23.30.51.BB: 255.255.255.248
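
Added example (not part of the original question or answers): a Python check showing why the 0xff000000 alias mask creates the connected `23/8` route seen in the route table, so 23.2.47.133 is treated as on-link on em1 while 129.128.5.194 still goes to the default gateway. The last octets .130/.131 are constructed stand-ins for the redacted BBB/CCC values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the em1 stanza in the question; the last
# octets .130/.131 stand in for the redacted BBB/CCC values.
IFCONFIG_EM1 = """\
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 23.30.51.130 netmask 0xfffffff8 broadcast 23.30.51.135
        inet 23.30.51.131 netmask 0xff000000 broadcast 23.255.255.255
"""

# Matches OpenBSD-style "inet <addr> netmask 0x<8 hex digits>" (not inet6).
INET_RE = re.compile(r"inet (\S+) netmask (0x[0-9a-fA-F]{8})")


def connected_networks(ifconfig_text):
    """Return [(address, connected network)] for each inet line."""
    nets = []
    for addr, mask_hex in INET_RE.findall(ifconfig_text):
        mask = ipaddress.IPv4Address(int(mask_hex, 16))
        iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
        nets.append((iface.ip, iface.network))
    return nets


def on_link_match(dest, nets):
    """Longest connected prefix containing dest, or None (default route)."""
    dest = ipaddress.IPv4Address(dest)
    hits = [net for _, net in nets if dest in net]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


def overbroad_aliases(nets):
    """Aliases whose prefix is wider than that of the first (primary) address."""
    primary = nets[0][1]
    return [(ip, net) for ip, net in nets[1:] if net.prefixlen < primary.prefixlen]


if __name__ == "__main__":
    # Question's config, then the masks proposed in Answer 1 and Answer 2.
    for label, mask in (("as posted", "0xff000000"),
                        ("answer 1", "0xffffffff"),
                        ("answer 2", "0xfffffff8")):
        nets = connected_networks(IFCONFIG_EM1.replace("0xff000000", mask))
        for dest in ("23.2.47.133", "129.128.5.194"):
            hit = on_link_match(dest, nets)
            path = f"on-link via {hit} (ARP, no gateway)" if hit else "default gateway"
            print(f"{label:10} {dest:15} -> {path}")
        for ip, net in overbroad_aliases(nets):
            print(f"{label:10} alias {ip} adds connected route {net}")
```
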