On Apr 12, 6:41 pm, Dimitar <[email protected]> wrote:
> Hello,
> I'm setting a 4.7-current alix box with the following setup
>
> INET DHCP------ALIX
Sorry for the repost - shortage of sugar.
So the setup is
INET------ALIX-----------------------<DHCP>---WRT----INET2
| |
|
-- --
USRLAN
sw1 sw2
| |
-------------
PLAYGROUND
Hardware:
ALIX OBSD 4.7-current
VLAN-capable switches
WRT box
Goals:
1. Use routing domains to split USRLAN, PLAYGROUND and INET. INET is
in routing domain 0
2. Reach PLAYGROUND from USRLAN
3. Allow only SSH from INET to PLAYGROUND
4. Have a mgmt LAN for switch and infrastructure stuff reachable from
USRLAN.
5. Have rdomain for backup INTERNET in the future
My question is:
If I specify a route label in my /etc/hostname.if file like
# cat /etc/hostname.vge2
inet 192.168.2.14 255.255.255.240 NONE rdomain 1 rtlabel mgmt
# cat /etc/hostname.vge3
inet 10.10.10.1 255.255.255.0 NONE rdomain 2 rtlabel usrlan
and then specify the rtlabel in pf.conf, will it be enough for pf
to switch the routing domains?
Sample rule I'm thinking of using:
pass in from route usrlan to route mgmt port 80 keep state?
Comments, rants, improvements are highly appreciated.
Thanks in advance