On Tuesday, January 16, 2007, Charles Farinella wrote:

> I have an OpenBSD 3.9 machine with a public IP providing NAT
> and firewalling for our internal network. It has 3 interfaces:
>
> dc0: public ip from internet X.X.X.25
> dc1: 192.168.100.x to internal network. This works well.
> dc2: 192.168.200.x --> to Windows server.
>
> I need to allow public access to the Windows server connected
> to dc2 (one port only). Currently I have a private network
> address assigned to dc2 and a public one (X.X.X.26) assigned
> to the machine connected to it.
Your network will be difficult at best to manage in your current configuration. It can be done, but not without some serious wasted effort in my opinion. I'm still trying to figure out how you're going to route a known public IP address (x.x.x.26) over an interface (192.168.200.x) assigned with a private network address. Are you planning on adding manual route statements on the x.x.x.26 web server to the 192.168.200.x 'net? What would be your default gateway on the x.x.x.26 server? I can only imagine the route, nat, rdr, and other pf statements you'd need to accomplish this.

Switch this logic: assign the public IP address x.x.x.26 to dc2 and the private address 192.168.200.x to the Windows server. Physically connect dc2 to your WAN, and make sure you add appropriate block in log rules in pf.conf. Add your rdr and pass in statements and you're done.

PF is great, and OpenBSD is a powerful OS; however, physical, data, and network-layer stuff is necessary too.

Good Luck

---------------------------------------------------------------------------------------
Todd M. Boyer, CISSP
AutumnTECH, LLC
http://www.AutumnTECH.com
---------------------------------------------------------------------------------------
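A pf.conf sketch of the rdr/pass-in layout Todd describes, added here as an illustration and not part of either post. It assumes OpenBSD 3.9-era syntax (separate nat/rdr rules, explicit keep state), that the firewall itself answers for X.X.X.26 on its public side, that the Windows server sits at 192.168.200.10 on dc2, and that the one published port is TCP 443; the server address and port are placeholders.

```pf
# pf.conf sketch (OpenBSD 3.9 syntax). X.X.X.25/26 stand in for the real
# public addresses; srv_priv and srv_port are assumed values.
ext_if   = "dc0"                # public side: X.X.X.25, answers for X.X.X.26 too
int_if   = "dc1"                # trusted LAN
srv_if   = "dc2"                # Windows server segment, treated as a DMZ
int_net  = "192.168.100.0/24"
srv_net  = "192.168.200.0/24"
srv_pub  = "X.X.X.26"           # public address clients connect to
srv_priv = "192.168.200.10"     # assumed private address of the Windows box
srv_port = "443"                # assumed: the single published port

set skip on lo
scrub in all

# Outbound NAT for the trusted LAN only. The server segment gets no
# general NAT, so only the state created by the rdr below leaves it.
nat on $ext_if from $int_net to any -> ($ext_if)

# Publish exactly one port of the Windows server behind X.X.X.26.
rdr on $ext_if proto tcp from any to $srv_pub port $srv_port \
    -> $srv_priv port $srv_port

# Default deny in both directions, logged so pflog0 shows what was dropped.
block in log all
block out log all
antispoof log quick for { $ext_if $int_if $srv_if }

# Inbound: rdr runs before filtering, so the rule matches the private
# destination. Explicit pass out on dc2 keeps the path visible in the ruleset.
pass in on $ext_if proto tcp from any to $srv_priv port $srv_port \
    flags S/SA keep state
pass out on $srv_if proto tcp from any to $srv_priv port $srv_port \
    keep state

# Keep the server segment away from the trusted LAN, and log attempts.
block in log quick on $srv_if from $srv_net to $int_net

# Trusted LAN out to the world.
pass in  on $int_if from $int_net to any keep state
pass out on $ext_if keep state
```

Check it with `pfctl -nf /etc/pf.conf` before loading, and watch `tcpdump -n -e -ttt -i pflog0` to confirm the logged blocks are the ones you expect.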

