First and most importantly, I would like to apologize to anyone who was
disturbed by my conversation. It is not my intention to offend people. I
may be curt, but that's not because it's in my character. In daily life
I work with electronics and computers and am much less familiar with
networks. I don't need this knowledge for what I do in daily life. It is
therefore difficult for me to estimate what is important to link back to
this mailing list. So if I am curt, please try to remember that it is
not intentional, but a matter of lack of knowledge. Again, I don't want
to hurt anyone.
Second, the firewall. This is set up as a bridge with the following
hardware:
https://www.amazon.nl/dp/B0B6J89MXJ?ref=ppx_pop_dt_b_asin_image&th=1.
The Ethernet connections ETH1 ... ETH4 are translated by OpenBSD to igc0
... igc3. Connection igc0 is the input that goes to the ISDN modem, and
igc1 and igc2 are the two outputs that go to the internal network. These
two connections are more flexible for the underlying network. This makes
it possible to connect two different networks, if desired, albeit with
one and the same IP range (192.168.2.0/24), or two different networks,
if so configured. So two possibilities (which is best?). So there is no
need to use two connections at the same time, although this should be
possible. Finally, connection igc3. This is given the IP address
192.168.2.252, because it is intended for remote administration,
including upgrades. This connection will therefore not be part of the
firewall bridge, and will therefore not appear in pf.conf. The internal
network consists mainly of regular clients, so no email, web or name
servers. These clients will work with Linux, mac OSX, or OpenBSD, but
not Windows, but there will be a small file server or NAS. This file
server or NAS is only intended for the clients in the network and has no
connection to the internet. For now it is important to get ping and
traceroute working properly, after which work on normal internet traffic
can be started. What I'm wondering is whether I need NAT for my firewall
configuration. This is my plan for my firewall. It seems to me that
there are much more difficult configurations than this one. I hope there
are still people who are willing to help me.
Op 16-04-2024 om 07:24 schreef Peter N. M. Hansteen:
I give up.
The obviously incomplete, hand edited ifconfig output shows three
interfaces that are (or appear to be, judging from the excerpts that
we are given) not configured with IP addresses, two of which
have a link, while the last does not.
For reasons unknown these three are joined in a three-way bridge.
>From the tiny crumbs of information you have deigned to reveal to us,
it is not at all clear what it is you are trying to achieve.
That this configuration does not do anything useful is however no
surprise at all.
Once you can describe what it is your Rube Goldberg contraption
is supposed to do, competent people here might offer some advice
on how to make things work properly.
Until that happens, I for one will simply ignore anything from that
source.
