On Tue, May 01, 2007 at 01:46:11PM -0700, Jonathan Whiteman wrote:
> Hey everyone,
> 
> I've got a really stupid but really simple question.  If I have an 
> OpenBSD machine acting as an internal router (private IP addresses on 
> all interfaces) for several subnets that have to share physical ethernet 
> devices, should I use IP aliases or vlans, and in either case, would I 
> need packetfilter as well?

Jason already mentioned vlans; listen to him.

Aside from that, no, you don't need pf to run a router. You do, however,
need pf if you want to do NAT. Or if you want to do anything useful with
those VLANs (VLANs aren't that useful if you can still send arbitrary
data to arbitrary ports on arbitrary hosts...)

However, set it up without pf first. That gives you one less thing to
debug at once, and it's not hard to add pf to a router afterwards.

                Joachim

-- 
TFMotD: awk (1) - pattern-directed scanning and processing language
