Thanks for the response. We rebuilt the box from scratch. Now we seem to have connectivity.

One thing we noticed is netstat -r takes forever to execute on the bsd 3.7 system, even after we rebuilt it. Is this normal? On the existing system running 3.5 it executes immediately. The old system is an obsolete gateway workstation. The new boxes are dell 1850 servers.

We haven’t configured DNS and all rules are based on IP. We have static routes pointing to the external router as default and the pix as the route to our internal net. This worked well for BSD 3.5 although we have had hardware reliability issues with the old workstations.
rt

If the machine’s not coming back with its own routes immediately (or almost immediately), there’s a problem somewhere.

You mentioned you were building this as a firewall, I would assume your rules are to dump anything you don’t explicitly allow - have you allowed localhost (127.0.0.1) traffic? What happens if you apply your ruleset to one of the other boxes?

As a side note, I believe that disabling pf still does not open your system up, try “iptables -L” to make sure.

During our connectivity tests we have pf disabled. iptables isn’t a part of OpenBSD. When I run netstat -r, it takes about 19 minutes to display the ipv4 routes. default, loopback, and localhost happen immediately. In our tests, we haven’t tried anything requiring another hop yet, but pings to adjacent systems don’t seem to be a problem.
Thanks.
rt

I think I figured out the netstat issue. On our test lab we aren’t running DNS. When I ran netstat -rn the table scrolled by immediately. I believe the system was trying to find DNS names for the addresses in the route table.
Thanks for the responses. Now all I have to figure out is why one of our linux test boxes will ping out but doesn’t respond to pings,(even after changing the hardware and rebuilding from scratch). This was the source of much confusion during our connectivity tests.
rt