Hello misc@,

I don't know if this is really a packet filtering, or DMZ kind of query. What I've looked at so far (e.g. http://www.openbsd.org/faq/pf/queueing.html) doesn't really describe what I'm trying to do. I hope someone can help.

I have a range (a /28) of real IP addresses. The OpenBSD box (4.0, soon to be upgraded to 4.4) functions as a firewall/router. It forwards packets to the speedtouch router that manages the connection. All the speedtouch router does is to accept traffic for this range; it does not do NAT. Presently the OpenBSD box NATs everything. The OpenBSD box sits behind the router. It has 4 NICs in it:

- fxp0 to the speedtouch
- fxp1 for a network that I want to be unfiltered, in other words, real IPs (wired)
- fxp2 the top usable real IP - this I want to NAT behind, it is for wireless
- fxp3 is unused.

Is this a DMZ for fxp1? I don't need this traffic to be processed by the OpenBSD box, I just want it to go down the right interface. From what I've read, a DMZ involves some queuing/processing. Not sure if my nomenclature is right for what I'm describing.

Is there a howto for what I'm trying to do? Do I have to split the /28?

Many thanks

-- John

