On 9/24/15, Kapetanakis Giannis <[email protected]> wrote:
> On 24/09/15 22:41, patrick keshishian wrote:
>> Hi,
>>
>> I'm pretty sure I'm over-thinking this, so I thought I'd step back and
>> see if I can get some hints as to how this sort of a set-up is done
>> "properly" by pros.
>>
>>
>> Say, existing set up:
>>
>> [internet] -- [pf] -- [ public-ip-net/24 ]
>>
>>
>> Want to add/connect a private 192.168.0/24 to existing [
>> public-ip-net/24]:
>>
>> ... [ public-ip-net/24] -?- [ obsd box ] -- [ 192.168.0/24 ]
>>
>>
>> Goals:
>> 1. Hosts in both networks "talk" with one another freely.
>>     e.g., hosts in existing network see hosts in to-be-added 192
>>     network, as they are; i.e., not NAT-ed. And vice versa.
>> 2. Hosts in 192.168.0/24 have access to the internet through
>>     the same/existing gateway.
>>
>>
>> I lack some knowledge wrt the subject, where I think, I am
>> filling the "holes" with, possibly, far too complicated ideas.
>>
>> Appreciate any and all help offered.
>>
>> Thanks,
>> --patrick
>
> First of all you don't need a second obsd/pf router for this.
>
> Either put the private network on a secondary ip on the same
> vlan/interface as the public
> or use a new vlan/interface for the private network.
>
> pf can be tuned to fit your filtering needs.
>
> Do the nat on [pf] box only for packets going out on its egress interface.

Thanks Daniel and Kapetanakis for replies.

I read some on vlans (as I knew next to nothing about them).
I think I'm still not completely clear on how they would work,
unless a vlan-capable switch is used, which the current set-up lacks.
The only reference I found, which explicitly states this, is M. Lucas's
book ("Absolute OpenBSD...").

--patrick
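
The single-router layout suggested in the quoted reply (private subnet as a secondary address on the existing inside interface, NAT applied only on egress), as an added pf.conf example that is not from any poster in this thread. The interface names em0/em1, the router's private address and the 203.0.113.0/24 prefix are assumed placeholders.

```conf
# Added example, not from the thread. Placeholders: em0, em1, 203.0.113.0/24.
#
# Secondary address for the private subnet on the inside interface,
# one line in /etc/hostname.em1 (address is an assumption):
#   inet alias 192.168.0.1 255.255.255.0

ext_if  = "em0"               # assumed: interface facing the internet
int_if  = "em1"               # assumed: interface carrying both subnets
pub_net = "203.0.113.0/24"    # placeholder for public-ip-net/24
prv_net = "192.168.0.0/24"

set skip on lo
block all                     # default deny; existing inbound rules for
                              # the public hosts are not shown here

# Goal 2: translate private sources only as they leave on the egress
# interface. The rule is bound to $ext_if, so it never fires for
# traffic that stays on $int_if.
match out on $ext_if inet from $prv_net to any nat-to ($ext_if)

# Goal 1: traffic between the two subnets enters and leaves on $int_if
# and is routed with its real addresses on both sides.
pass in  on $int_if inet from { $pub_net $prv_net } to any
pass out on $int_if inet from { $pub_net $prv_net } \
    to { $pub_net $prv_net }

# Outbound to the internet: public hosts keep their own source address,
# private hosts appear as the router's egress address after nat-to.
pass out on $ext_if inet from { $pub_net ($ext_if) } to any
```

Checking the ruleset with `pfctl -nf /etc/pf.conf` parses it without loading; once loaded, `pfctl -ss` should show translated states only for connections leaving on the egress interface.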
