Hello, I am trying to set up a router with a fresh install of OpenBSD 7.2, and I'm having a hard time grokking how to use veb.
I have organized my network into 4 subnets: - DHCP "WAN" - 192.168.0.0/24 "LAN" - 192.168.2.0/24 "IOT" - 192.168.3.0/24 "Guest" My computer has 4 interfaces em{0..3} and my desired setup has the following qualities: - em0 is the WAN uplink with DHCP - em1 is the uplink to my WAP and carries all 3 internal networks, with "LAN" untagged and "IOT" and "Guest" tagged as VLAN 1102 and 1103, respectively - em2 carries only "LAN", untagged - em3 carries only "IOT", untagged I think I should have configuration files like: hostname.em0: inet autoconf hostname.em{1..3}: up hostname.veb0: add em1 add em2 add em3 add vport0 # ?? add vport1 # ?? up As for the vlan and vport interfaces, I have no idea. After this, of course, I will want to do some filtering with pf (such as hosts on "IOT" and "Guest" not having access to hosts on "LAN.") My questions are thus: 1) What is the proper network configuration to achieve the above goal? 2) What is the right way to filter packets transiting between subnets in this configuration? I see in the man page that the directionality of packets emerging from a veb to the network stack is not normal. I've seen things with adding groups to the interfaces, but not sure what that gets me that using interface names in pf.conf doesn't. Thanks in advance for any help that you can provide! Scott