On Tue, Oct 3, 2023 at 10:10 AM David Higgs <hig...@gmail.com> wrote:
> On Mon, Oct 2, 2023 at 9:26 AM David Higgs <hig...@gmail.com> wrote:
>
>> On Sun, Oct 1, 2023 at 9:13 AM Zé Loff <zel...@zeloff.org> wrote:
>>
>>> On Sat, Sep 30, 2023 at 11:39:36AM -0400, David Higgs wrote:
>>> > All of my devices until now have been behind my OpenBSD NAT router, but I
>>> > recently acquired an Internet of Trash device that I would like to be
>>> > accessible to the internet (yes, I know).
>>> >
>>> > My home configuration uses a Unifi AP to translate my various SSIDs into
>>> > VLANs which plug into one of my APU em(4) ports. The IoT thing already has
>>> > its own dedicated SSID/VLAN, but doesn't enjoy living behind my NAT.
>>>
>>> Define "doesn't enjoy". It absolutely requires a public IP? It needs
>>> some ports to be forwarded? Has some sort of network connection
>>> detection that fails because some ports are blocked for outgoing
>>> traffic?
>>>
>>
>> I'm still trying to determine ground truth with manufacturer support.
>> Port forwarding doesn't seem sufficient. The device can reach out just
>> fine but is not remotely controllable as advertised.
>>
>> > Is there a way for me to bridge just one of the vlan(4) logical interfaces
>> > with my other em(4) uplink, so that my IoT item can speak DHCP directly
>> > with my internet provider?
>>
>> > Can this be done with veb/vport or bridge, or will I need to use something
>> > more exotic to strip the 802.1q tags before they are sent to my ISP?
>>
>> Self-replying here: I don't see many examples of veb(4) use online, but
>> it seems as if I can add my physical uplink and the IoT VLAN both to a
>> veb and attach a vport to become my new uplink. That should be logically
>> equivalent to putting a three-port switch between my router and my ISP CPE,
>> with the third port for the IoT device. Is anyone able to shoot holes in
>> this or suggest a superior alternative, before I attempt the configuration
>> later this week?
>>
>
> I appreciate the previous replies/cluebats, but my initial attempt was
> rushed and unsuccessful.
>
> In broad strokes, I created veb0 and added em0, vlan222, and vport0 to
> it. Then I tried getting vport0 to speak DHCP with my upstream, but
> nothing seemed to happen or appear in logs.
>
> I will have to spend more time on this to eliminate the possibility of
> fat-fingering, remove various confounding variables, and produce a better
> result/report.
>

For the archives, this worked swimmingly once I paid closer attention to
what I was doing. Based on my second attempt, I hadn't put my vport0
interface up.

Of course, my ISP isn't handing out more than a single IPv4 address by
default, so all this has been simply a good learning experience.

--david
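
The failure reported in the thread (a veb(4) member port left down, so DHCP on vport0 sees nothing) can be caught by comparing the veb's member list against each interface's own flags. This is an added example, not part of the thread: the function names and the sample `ifconfig` output are constructed for illustration, and it assumes member ports appear as indented `name flags=<...>` lines under the veb stanza.

```shell
#!/bin/sh
# Added example: list member ports of a veb(4) that are not administratively UP.
# Usage on a live system (assumed invocation): ifconfig | veb_ports_not_up veb0

veb_ports_not_up() {
    # $1 = veb interface name; stdin = full ifconfig output
    awk -v veb="$1" '
        /^[a-z]+[0-9]+: flags=/ {
            # Top-level stanza, e.g. "vport0: flags=8802<BROADCAST,...> mtu 1500"
            cur = substr($1, 1, length($1) - 1)
            split($2, f, /[<>]/)              # f[2] holds the flag names
            up[cur] = (("," f[2] ",") ~ /,UP,/)
            next
        }
        # Indented member line inside the stanza of the veb we care about
        cur == veb && /^[ \t]+[a-z]+[0-9]+ flags=/ { ports[++n] = $1 }
        END {
            for (i = 1; i <= n; i++)
                if (!up[ports[i]]) print ports[i]
        }'
}

# Constructed, trimmed sample modelled on the first attempt in the thread:
# veb0 holds em0, vlan222 and vport0, but vport0 was never brought up.
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
vlan222: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
vport0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
veb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
        em0 flags=3<LEARNING,DISCOVER>
        vlan222 flags=3<LEARNING,DISCOVER>
        vport0 flags=3<LEARNING,DISCOVER>
EOF
}

sample_ifconfig | veb_ports_not_up veb0
```

An empty result means every member of the veb is up; any name printed is a port that still needs `ifconfig <name> up` (or an `up` line in its hostname.if file).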