On 24/09/15 22:41, patrick keshishian wrote:
> Hi,
> I'm pretty sure I'm over-thinking this, so I thought I'd step back and
> see if I can get some hints as to how this sort of a set-up is done
> "properly" by pros.
> Say, existing set up:
> [internet] -- [pf] -- [ public-ip-net/24 ]
> Want to add/connect a private 192.168.0/24 to existing [ public-ip-net/24]:
> ... [ public-ip-net/24] -?- [ obsd box ] -- [ 192.168.0/24 ]
> Goals:
> 1. Hosts in both networks "talk" with one another freely.
> e.g., hosts in existing network see hosts in to-be-added 192
> network, as they are; i.e., not NAT-ed. And vice versa.
> 2. Hosts in 192.168.0/24 have access to the internet through
> the same/existing gateway.
> I lack some knowledge wrt to the subject, where I think, I am
> filling the "holes" with, possibly, far too complicated ideas.
> Appreciate any and all help offered.
> Thanks,
> --patrick
First of all you don't need a second obsd/pf router for this.
Either put the private network on a secondary ip on the same
vlan/interface as the public,
or use a new vlan/interface for the private network.
pf can be tuned to fit your filtering needs.
Do the nat on [pf] box only for packets going out on its egress interface.
G
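
The layout suggested in the reply, sketched as a pf.conf fragment for the existing [pf] box. This is an added example, not part of the original thread; the interface names (em0, em1, vlan10) and the 203.0.113.0/24 documentation prefix standing in for public-ip-net/24 are assumptions, and it uses the "new vlan/interface" variant rather than a secondary IP.

```conf
# /etc/pf.conf fragment for the existing [pf] box (added example).
# Assumed interface names, adjust to the real hardware:
#   em0    = internet-facing (egress) interface
#   em1    = existing public LAN
#   vlan10 = new interface carrying the private network
# 203.0.113.0/24 is a documentation prefix used in place of public-ip-net/24.

ext_if   = "em0"
pub_if   = "em1"
priv_if  = "vlan10"
pub_net  = "203.0.113.0/24"
priv_net = "192.168.0.0/24"

set skip on lo

# Default deny; log drops so missing rules show up in pflog.
block return log all

# Drop packets claiming a LAN source address but arriving on the wrong interface.
antispoof quick for { $pub_if $priv_if }

# Goal 1: the two LANs are routed to each other with no translation.
pass in  on $priv_if inet from $priv_net to $pub_net
pass out on $pub_if  inet from $priv_net to $pub_net
pass in  on $pub_if  inet from $pub_net  to $priv_net
pass out on $priv_if inet from $pub_net  to $priv_net

# Goal 2: private hosts reach the internet through the same gateway.
# NAT is applied only here, on packets leaving the egress interface,
# so traffic between the two LANs keeps its real source address.
pass in  on $priv_if inet from $priv_net to ! $pub_net
pass out on $ext_if  inet from $priv_net to any nat-to ($ext_if:0)

# Public hosts go out untranslated, as before.
pass in  on $pub_if  inet from $pub_net to any
pass out on $ext_if  inet from $pub_net to any
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it; inbound rules for services on the public network are site-specific and not shown.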