On Mon, Oct 2, 2023 at 9:26 AM David Higgs <hig...@gmail.com> wrote:
> On Sun, Oct 1, 2023 at 9:13 AM Zé Loff <zel...@zeloff.org> wrote:
>
>> On Sat, Sep 30, 2023 at 11:39:36AM -0400, David Higgs wrote:
>> > All of my devices until now have been behind my OpenBSD NAT router, but I
>> > recently acquired an Internet of Trash device that I would like to be
>> > accessible to the internet (yes, I know).
>> >
>> > My home configuration uses a Unifi AP to translate my various SSIDs into
>> > VLANs which plug into one of my APU em(4) ports. The IoT thing already has
>> > its own dedicated SSID/VLAN, but doesn't enjoy living behind my NAT.
>>
>> Define "doesn't enjoy". It absolutely requires a public IP? It needs
>> some ports to be forwarded? Has some sort of network connection
>> detection that fails because some ports are blocked for outgoing
>> traffic?
>>
>
> I'm still trying to determine ground truth with manufacturer support.
> Port forwarding doesn't seem sufficient. The device can reach out just
> fine but is not remotely controllable as advertised.
>
>> > Is there a way for me to bridge just one of the vlan(4) logical interfaces
>> > with my other em(4) uplink, so that my IoT item can speak DHCP directly
>> > with my internet provider?
>> >
>> > Can this be done with veb/vport or bridge, or will I need to use something
>> > more exotic to strip the 802.1q tags before they are sent to my ISP?
>> >
>
> Self-replying here: I don't see many examples of veb(4) use online, but it
> seems as if I can add my physical uplink and the IoT VLAN both to a veb and
> attach a vport to become my new uplink. That should be logically
> equivalent to putting a three-port switch between my router and my ISP CPE,
> with the third port for the IoT device. Is anyone able to shoot holes in
> this or suggest a superior alternative, before I attempt the configuration
> later this week?
>

I appreciate the previous replies/cluebats, but my initial attempt was
rushed and unsuccessful.

In broad strokes, I created veb0 and added em0, vlan222, and vport0 to it.
Then I tried getting vport0 to speak DHCP with my upstream, but nothing
seemed to happen or appear in logs. I will have to spend more time on this
to eliminate the possibility of fat-fingering, remove various confounding
variables, and produce a better result/report.

Silly question, does it even make sense to add a single vlan interface to a
veb? Is there maybe parent confusion between veb0 and em2 (Wifi AP iface)?

Thanks.

--david