Hello, I am trying to get a new ISP setup working. The router is causing some pain. There is a /28 public block assigned. The DSL router can't be configured in transparent bridge mode (they say). It holds on to one of the /28 addresses.
The setup looks something like this: (and hopefully the ascii "art" remains intact from gmail)

        ( internet )
             |
             | [WAN IP]
       +-----o------+
       / DSL ROUTER /   <-- Transparent bridge mode NOT possible
       +-----o------+
             | [ one of /28 Public IPs = $dslgw_ip ]
             |
             | $ext
       +-----o------+
       |            |
       | OpenBSD/pf o--- ( rest of /28 Public IP network )
       |            | $dmz   (DMZ: httpd, smtpd, ...)
       +-----o------+
        $lan | [10.x.x.1]
             |
       ( 10.x.x.x network )

As far as networking goes, I need to be spoken to as if I'm a fledgling. I want to do the obvious: use OpenBSD/pf(4) to:

- Filter traffic from $ext to $dmz
- Filter traffic from $dmz outbound
- Filter traffic from $lan (10.x.x.x) to $dmz
- NAT traffic from $lan (10.x.x.x) outbound to internet

I'm bridge(4)-ing $ext and $dmz. Which means I must give one of the /28 public IP addresses to either $ext or $dmz to be able to do:

    # route add default $dslgw_ip

(!?)

Am I missing something? Is there a better way to configure things?

Thanks,
--patrick