On 20.1.2023. 20:09, patrick keshishian wrote:
> Hello,
>
> I am trying get a new ISP setup working. The Router is
> causing some pain. There is a /28 public block assigned.
> The DSL router can't be configured in transparent bridge
> mode (they say). It holds on to one of the /28 addresses.
>
> The setup looks something like this:
> (and hopefully the ascii "art" remains intact from gmail)
>
>         ( internet )
>               |
>               | [WAN IP]
>         +-----o------+
>        / DSL ROUTER /  <-- Transparent bridge mode NOT possible
>       +-----o------+
>             | [ one of /28 Public IPs = $dslgw_ip ]
>             |
>             |
>             | $ext
>       +-----o------+
>       |            |
>       | OpenBSD/pf o--- ( rest of /28 Public IP network )
>       |            |      $dmz (DMZ: httpd, smtpd, ...)
>       +-----o------+
>        $lan | [10.x.x.1]
>             |
>   ( 10.x.x.x network )
>
>
> As far as networking goes, I need to be spoken to as if I'm
> a fledgling.
>
> I want to do the obvious: use OpenBSD/pf(4) to:
> - Filter traffic from $ext to $dmz
> - Filter traffic from $dmz outbound
> - Filter traffic from $lan (10.x.x.x) to $dmz
> - NAT traffic from $lan (10.x.x.x) outbound to internet
>
>
> I'm bridge(4)-ing $ext and $dmz. Which means I must give
> one of the /28 public IP addresses to either $ext or $dmz
> to be able to do:
>
> # route add default $dslgw_ip
>
> (!?)
>
> Am I missing something?
> Is there a better way to configure things?
>
> Thanks,
> --patrick
>

Hi,

If your ext interface is in the same subnet as that /28 from your ISP then you could:

- use veb(4) to bridge ext, dmz and vport(4) interface and add default route to dslgw_ip. vport is ip interface for veb
- or on ext interface put ip alias with ip addresses from /28 public range and then do binat-to or nat-to in pf to hosts in dmz

or maybe I totally misunderstood you :)
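
A pf.conf sketch of the second suggestion above (public aliases on ext, binat-to toward DMZ hosts), covering the four filtering goals from the original question. This is an added example, not configuration from either poster. The interface names, the 203.0.113.0/28 documentation range standing in for the ISP block, and the 192.168.100.0/24 DMZ renumbering are all assumptions.

```conf
# /etc/pf.conf for the "IP alias on ext + binat-to" layout (added example).
# Assumptions, none of them from the thread:
#   em0/em1/em2 are hypothetical NICs for ext/dmz/lan
#   203.0.113.0/28 stands in for the ISP /28, 203.0.113.1 for $dslgw_ip
#   em0 holds 203.0.113.2/28 plus the alias 203.0.113.3
#   the DMZ is renumbered to 192.168.100.0/24 (no bridge needed)
#   net.inet.ip.forwarding=1 and the default route points at $dslgw_ip

ext = "em0"
dmz = "em1"
lan = "em2"

web_pub = "203.0.113.3"      # public alias configured on $ext
web_dmz = "192.168.100.3"    # httpd host inside the DMZ

set skip on lo
block log all                # default deny, both directions, all interfaces

# Translation. binat-to gives the DMZ host a one-to-one public address.
# ($ext:0) excludes aliases, so LAN clients never leave as $web_pub.
match on $ext inet from $web_dmz to any binat-to $web_pub
match out on $ext inet from $lan:network to any nat-to ($ext:0)

# Internet -> DMZ. Rules after a match see the translated destination,
# so the filter is written against the internal address.
pass in  on $ext inet proto tcp from any to $web_dmz port { 80 443 }
pass out on $dmz inet proto tcp from any to $web_dmz port { 80 443 }

# DMZ -> outbound: only what the server needs (DNS and HTTP(S) assumed).
pass in on $dmz inet proto { tcp udp } from $web_dmz to any port 53
pass in on $dmz inet proto tcp from $web_dmz to any port { 80 443 }

# LAN -> DMZ is limited by the "pass out on $dmz" rule above;
# LAN -> internet is NATed by the second match rule.
pass in on $lan inet from $lan:network to any

# Everything leaving $ext was already filtered on its ingress interface.
pass out on $ext inet
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check without applying. A compromised DMZ host here can only open DNS and HTTP(S) connections outbound and cannot initiate anything toward the LAN.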