Hello,
I am trying to set up a router with a fresh install of OpenBSD 7.2,
and I'm having a hard time grokking how to use veb.
I have organized my network into 4 subnets:
- DHCP "WAN"
- 192.168.0.0/24 "LAN"
- 192.168.2.0/24 "IOT"
- 192.168.3.0/24 "Guest"
My computer has 4 interfaces em{0..3} and my desired setup has the
following qualities:
- em0 is the WAN uplink with DHCP
- em1 is the uplink to my WAP and carries all 3 internal networks,
  with "LAN" untagged and "IOT" and "Guest" tagged as VLAN 1102
  and 1103, respectively
- em2 carries only "LAN", untagged
- em3 carries only "IOT", untagged

I think I should have configuration files like:

hostname.em0:
    inet autoconf

hostname.em{1..3}:
    up

hostname.veb0:
    add em1
    add em2
    add em3
    add vport0 # ??
    add vport1 # ??
    up

As for the vlan and vport interfaces, I have no idea.
After this, of course, I will want to do some filtering with pf
(such as hosts on "IOT" and "Guest" not having access to hosts on
"LAN.")
My questions are thus:
1) What is the proper network configuration to achieve the above
   goal?
2) What is the right way to filter packets transiting between subnets
   in this configuration? I see in the man page that the directionality
   of packets emerging from a veb to the network stack is not normal.
   I've seen things with adding groups to the interfaces, but not
   sure what that gets me that using interface names in pf.conf
   doesn't.
Thanks in advance for any help that you can provide!
Scott