OK, great, that's helpful. The machines are all pointing to the OpenBSD
server as their default gateway. The NAT is only being used to get out to
the internet (em0). Internal subnets do not use NAT to communicate. I don't
want to use any routing protocol for this, but just simple firewall rules
to allow or deny the traffic.

I'll read through some more docs to gain more information.

Thanks Giancarlo!




On Wed, Aug 19, 2015 at 5:14 PM, Giancarlo Razzolini <grazzol...@gmail.com>
wrote:

> On 19-08-2015 16:50, Dot Yet wrote:
> > So, can one of you help me understand how I can write the pf rules to
> > allow communication between em1 and vlan 12/15 or communication between
> > vlan 12 and vlan 15 etc.
>
> If all machines have OpenBSD as their gateway, simple pass rules should
> do. No need for NAT nor anything. Now, if some of these networks do not
> have the OpenBSD machine as their gateway, but the OpenBSD machine has
> access to the network, then you will need NAT. You can have other things
> such as routes being passed using DHCP, RIP (or other internal routing
> protocol), etc. Assuming the OpenBSD machine can communicate with every
> network and every machine on it, you have plenty of options.
>
> Cheers,
> Giancarlo Razzolini
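
The setup discussed in this thread, sketched as a pf.conf (an added example, not written by either poster): default deny, NAT only on em0, and plain pass/block rules between the internal networks. The interface names `vlan12` and `vlan15` and the allow/deny policy shown are assumptions made for illustration.

```conf
# Added example, not from the thread. Assumes the VLAN interfaces are
# named vlan12 and vlan15 and that the box forwards packets
# (net.inet.ip.forwarding=1 in /etc/sysctl.conf).

ext_if = "em0"       # Internet-facing interface (from the thread)
lan_if = "em1"       # untagged internal network (from the thread)
v12_if = "vlan12"    # assumed interface name for VLAN 12
v15_if = "vlan15"    # assumed interface name for VLAN 15

set skip on lo

# Default deny; dropped packets are logged to pflog0 for troubleshooting.
block return log all

# NAT applies only to traffic leaving through em0. Traffic routed
# between em1, vlan12 and vlan15 keeps its original source address.
match out on $ext_if inet from { $lan_if:network $v12_if:network $v15_if:network } nat-to ($ext_if)

# Policy is enforced where a packet enters the firewall, so the
# outbound side can simply pass whatever was admitted inbound.
pass out

# Each internal network may send traffic from its own address range
# only (a basic anti-spoofing check), to any destination.
pass in on $lan_if inet from $lan_if:network
pass in on $v12_if inet from $v12_if:network
pass in on $v15_if inet from $v15_if:network

# Illustrative restriction (constructed policy): hosts on VLAN 15 may
# not open connections to em1 or VLAN 12. The last matching rule wins,
# so this overrides the broader pass above. Replies to connections
# opened from em1 or VLAN 12 still get through because they match the
# state created by those connections.
block return in log on $v15_if inet from $v15_if:network to { $lan_if:network $v12_if:network }
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and blocked packets can be watched with `tcpdump -n -e -ttt -i pflog0`.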
