On Fri, Sep 25, 2015 at 1:20 PM, patrick keshishian <[email protected]> wrote:
> On 9/24/15, Kapetanakis Giannis <[email protected]> wrote:
>> On 24/09/15 22:41, patrick keshishian wrote:
>>> I'm pretty sure I'm over-thinking this, so I thought I'd step back and
>>> see if I can get some hints as how this sort of a set-up is done
>>> "properly" by pros.
>>>
>>> Say, existing set up:
>>>
>>> [internet] -- [pf] -- [ public-ip-net/24 ]
>>>
>>> Want to add/connect a private 192.168.0/24 to existing [
>>> public-ip-net/24]:
>>>
>>> ... [ public-ip-net/24] -?- [ obsd box ] -- [ 192.168.0/24 ]
>>>
>>> Goals:
>>> 1. Hosts in both networks "talk" with one another freely.
>>> e.g., hosts in existing network see hosts in to-be-added 192
>>> network, as they are; i.e., not NAT-ed. And vice versa.
>>> 2. Hosts in 192.168.0/24 have access to the internet through
>>> the same/existing gateway.
>>>
>>> I lack some knowledge wrt to the subject, where I think, I am
>>> filling the "holes" with, possibly, far too complicated ideas.
>>
>> First of all you don't need a second obsd/pf router for this.
>>
>> Either put the private network on a secondary ip on the same
>> vlan/interface as the public
>> or use a new vlan/interface for the private network.
>>
>> pf can be tuned to fit your filtering needs.
>>
>> Do the nat on [pf] box only for packets going out on its egress interface.
>
> Thanks Daniel and Kapetanakis for replies.
>
> I read some on vlans (as I knew next to nothing about them).
> I think I'm still not completely clear on how they would work,
> unless vlan-capable switch is used, which the current set-up lacks;
> The only reference I found, which explicitly states this, is M. Lucas's
> book ("Absolute OpenBSD...").

You will need a VLAN-capable switch for VLANs--so, if you don't have this, I recommend adding another NIC to the pf box.
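
The set-up discussed in this thread, sketched as a pf.conf fragment for the existing [pf] box with an extra NIC. This is an added example, not part of the original messages. The interface names (em1, em2), the 192.168.0.1 gateway address and the 203.0.113.0/24 documentation prefix standing in for public-ip-net/24 are assumptions.

```pf
# /etc/pf.conf fragment for the existing [pf] box (added example).
# Assumptions: em1 faces public-ip-net/24, em2 is the new NIC with
# 192.168.0.1/24 configured in /etc/hostname.em2, and the uplink is in
# the "egress" interface group (the interface holding the default route).
# The box already forwards packets (net.inet.ip.forwarding=1) and the
# public hosts already use it as their gateway, so they need no new route.
# Rules already in place for the public network are not repeated here.
pub_if   = "em1"
priv_if  = "em2"
pub_net  = "203.0.113.0/24"    # placeholder for public-ip-net/24
priv_net = "192.168.0.0/24"

# Goal 1: hosts in both networks reach each other with their real
# addresses. No nat-to appears on these rules, so nothing is translated.
pass in  on $priv_if inet from $priv_net to $pub_net
pass out on $pub_if  inet from $priv_net to $pub_net
pass in  on $pub_if  inet from $pub_net  to $priv_net
pass out on $priv_if inet from $pub_net  to $priv_net

# Goal 2: private hosts reach the internet through the same gateway.
# Accept their traffic on the inside interface, then translate it only
# where it leaves on the egress interface. NAT and pass are combined in
# one rule because rules evaluated after a nat-to see the translated
# source address, not 192.168.0.x.
pass in  on $priv_if inet from $priv_net to ! $pub_net
pass out on egress   inet from $priv_net to any nat-to (egress:0)

# Keep RFC 1918 sources from leaking untranslated if the NAT rule is
# ever removed or reordered: "quick" would stop evaluation here, so this
# line stays commented out while the nat-to rule above is present.
# block out quick on egress inet from $priv_net to any
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the change goes live.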

