Hi,

I'm trying to set up a Sparcstation 4 with a quad ethernet card (5
interfaces total) to act as a router; it needs to do NAT and authpf for
the internal clients, which will get IP addresses using DHCP. I've done
this successfully with a 2-interface machine before, but am not sure how
this would best be done with multiple internal interfaces.

What I'm not sure about is how best to connect the internal machines,
and to configure the internal interfaces. I have two hubs and a
wireless access point, and thought I could connect each to one of the
ports on the quad ethernet card. But then here's a catch: for
simplicity, I would like to have all those on the same internal network
(192.168.0.0/24), so that all internal clients can use the same internal
gateway -- based on the old gateway, existing clients already know and
are configured to ssh to 192.168.0.1 for authpf, and it would be good
not to have to change that or add options depending on which hub they're
using, or whether they're using the wireless access point.
So, what I have in mind is this:

wireless ap --- (qe0) --- [ss4/openbsd] --- (le0) --- external net
                            |
     hub #1 --- (qe1) ----- |
                            |
     hub #2 --- (qe2) ----- |

Internally, qe0, qe1, and qe2 should all be accessible as 192.168.0.1,
the gateway for 192.168.0.0/24. NAT should translate that traffic on
le0 to le0's public address. Whether or not traffic will get through
should depend on authpf.

How, then, should I configure the internal interfaces? Should I give
qe0 the 192.168.0.1 address and bridge qe0, qe1, and qe2? But then,
since it's not recommended to filter on multiple bridge interfaces, how
would I filter for authpf? Or is there a better way to configure and/or
route things?

Many thanks,
Marc
--
Marc Ozon Toronto, Ontario, Canada