Jonas Lindskog wrote:
> We are running Open BSD 3.8 as a firewall router. The router has two
> internal networks to handle; a DMZ with "real"
> ip addresses and a NAT network to which our workstations are connected.
> The problem I have is that it's not possible to
> connect to the server on the DMZ (ip 38.87.5.122, netmask
> 255.255.255.252) from the outside (but from the inside).
> I guess that I somehow have to make the external interface listen to
> the same address as the server (they are on the same net), but if I add
> an alias to the external interface it doesn't (of course) route
> packages to the DMZ. How do I make OpenBSD route packages to the
> server (and the DMZ subnet)?
>
> Our ISP has given us a net that has the following data:
>
> Net segment: 38.87.5.112 /28
> net address: 38.87.5.112
> gw address: 38.87.5.113
> firewall: 38.87.5.114
> free ip ip: 38.87.5.115-126
> broadcast address: 38.87.5.127
> netmask: 255.255.255.240
>
> the server has the following interfaces configured:
> ### interfaces ####
> #external interface
> inet 38.87.5.114 255.255.255.240 NONE
>
> #internal interface
> inet 192.168.97.254 255.255.255.0 NONE
>
> # dmz
> inet 38.87.5.121 255.255.255.252 NONE

This is not an OpenBSD issue--you might want to learn about IP routing. Either lose a bunch of IPs and route the traffic properly, by putting 38.87.5.114/30 on your external interface and 38.87.5.121/29 on your DMZ interface, or use NAT for everything. There might be a better way to route this without losing any IPs, but, if so, I haven't thought about it/done it before.
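
The subnet arithmetic behind the two layouts in this thread, as an added example that is not part of either message: it checks the posted interface addresses and the suggested /30 + /29 split for overlapping connected networks, and lists which part of the ISP's /28 the split leaves unassigned. The function names are hypothetical; the addresses are the ones quoted above.

```python
import ipaddress
from itertools import combinations

ISP_BLOCK = ipaddress.ip_network("38.87.5.112/28")  # segment given in the question

# Interface addresses as posted in the question.
ORIGINAL = {
    "external": ipaddress.ip_interface("38.87.5.114/255.255.255.240"),
    "internal": ipaddress.ip_interface("192.168.97.254/255.255.255.0"),
    "dmz": ipaddress.ip_interface("38.87.5.121/255.255.255.252"),
}
# The split suggested in the reply: /30 outside, /29 on the DMZ.
PROPOSED = dict(ORIGINAL,
                external=ipaddress.ip_interface("38.87.5.114/30"),
                dmz=ipaddress.ip_interface("38.87.5.121/29"))

def overlaps(ifaces):
    """Pairs of interfaces whose directly connected networks overlap."""
    items = sorted(ifaces.items())
    return [(a, b) for (a, ia), (b, ib) in combinations(items, 2)
            if ia.network.overlaps(ib.network)]

def unassigned(block, ifaces):
    """Subnets of `block` not covered by any interface's connected network."""
    remaining = [block]
    for iface in ifaces.values():
        net_if, nxt = iface.network, []
        for net in remaining:
            if net.subnet_of(net_if):        # fully covered, nothing left over
                continue
            if net_if.subnet_of(net):        # carve the interface network out
                nxt.extend(net.address_exclude(net_if))
            else:                            # unrelated network, keep as is
                nxt.append(net)
        remaining = nxt
    return sorted(remaining)

def report(name, ifaces):
    print(f"{name}:")
    for ifname, iface in ifaces.items():
        print(f"  {ifname:9s} {iface.ip} -> connected net {iface.network}")
    print("  overlapping:", overlaps(ifaces) or "none")
    print("  unassigned in ISP block:",
          [str(n) for n in unassigned(ISP_BLOCK, ifaces)] or "none")

if __name__ == "__main__":
    report("as posted", ORIGINAL)
    report("suggested split", PROPOSED)
```

With the posted masks the external /28 contains the DMZ /30, so the DMZ server's address is on-link for anything on the external segment that uses the /28 mask; the suggested split removes the overlap and leaves one /30 of the ISP block unused.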