Add route on OpenBSD for DSL modem on external network


I'd like to be able to access my DSL modem, which is acting as a bridge, from within my local network. I've got a setup like this:

{Local network 192.168.1/24}
   [OpenBSD Router]
   [Bridge DSL modem IP:]

I'd like to access the Bridge. To do this, I'd expect to have to give rl1 an address (i.e. ifconfig rl1 and then add a route (i.e. route add -ifp rl1). I've done the first part, i.e. add the router address. The relevant bit of the ifconfig on the router returns:

rl0: flags=8843 mtu 1500
        lladdr 00:20:18:dc:e3:d9
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet netmask 0xffffff00 broadcast
        inet6 fe80::220:18ff:fedc:e3d9%rl0 prefixlen 64 scopeid 0x1
rl1: flags=8843 mtu 1500
        lladdr 00:30:f1:16:28:2a
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::230:f1ff:fe16:282a%rl1 prefixlen 64 scopeid 0x2
        inet netmask 0xffffff00 broadcast
tun0: flags=8051 mtu 2048
        priority: 0
        groups: tun egress
        media: Ethernet autoselect
        status: active
        inet a.b.c.d --> w.x.y.z netmask 0xffffffff

However, I do not know the correct command to add a route for through the router. I've tried with a lot of variantes of route add ***, to no avail.

Incidentally, the router (a Speedtouch) ought to also respond on IP address

I'd be much obliged for any input and suggestions.

Thank you.


asked on Server Fault Sep 1, 2010 by Brian M. Hunt

2 Answers


I have a similar configuration that works flawlessly. Here are my recommendations:

  1. rl1 and the IP of your DSL modem should be in a DIFFERENT subnet than that of your LAN.
  2. Don’t use tun. man 4 pppoe. It works better, is more efficient and is far easier to configure.
  3. NATting the traffic that leaves rl1 is easier than routing—it’ll allow your LAN clients to easily access the DSL modem without requiring a route on the modem and without allowing the modem access to your LAN (from a firewall perspective). The following is the relevant part of my pf.conf (in your case, you can replace $aux_ether_if with rl1 and $int_80211_if with rl0):

match out on $aux_ether_if from $int_80211_if:network to $aux_ether_if:network nat-to $aux_ether_if

pass out on $aux_ether_if

Hope this helps.

answered on Server Fault Sep 1, 2010 by (unknown user)

If your OpenBSD server has the interfaces bridged, then you don't need to give it an address on rl1. Its clients should be setup to have their default gateway as The will then access your DSL modem for the Internet.

I am not sure why you have a pppoe tunnel device as that should be handled by the DSL router.


You will need to configure the BSD machine to Proxy the address on rl0 and pass the data back and forth. One way or another it will need to bridged traffic between the two interfaces. Normally I would use or some other pool on the rl0 side. Then configure the OpenBSD machine as the default router for that network, NATing all traffic. If it has the DSL modem as its default router all should be well. However, either the DSL modem or OpenBSD system will need to NAT the addresses going out on the ISP side. I would expect the DSL modem to do this for you.

answered on Server Fault Sep 1, 2010 by BillThor • edited Sep 1, 2010 by BillThor

User contributions licensed under CC BY-SA 3.0