On Fri, Apr 24, 2009 at 12:12 PM, openbsder <openbs...@gmail.com> wrote:
> I am currently interested in setting up a three-legged network topology,
> using OBSD+PF as the firewall appliance. Originally, I was going to simply
> have the firewall equipped with three network cards: one for DMZ, one for
> LAN, the other for EXT/WAN/Internet (whatever you call this). The idea was
> for a switch to be used on both DMZ and LAN, providing NAT on both
> segments.
> Pretty straightforward.
>
> Recently, it has been suggested that a transparent firewall implementation
> is ideal where possible. But as far as I understand, transparency is only
> available when the firewall acts as a bridge between TWO networks. How would
> I keep my DMZ and LAN both while using a bridging firewall? Is it even
> possible?

What do you mean? Whether OpenBSD supports bridging? Whether PF supports L2-based filtering? Whether you can have two interfaces in a bridge and have, at the same time, L2-based filtering and L3-based filtering?

By L2-based filtering I mean having the firewall inspect frames/packets from interfaces that are bridged together and that do not have an IP address configured (i.e. L2 switching).

--
http://www.felipe-alfaro.org/blog/disclaimer/
> I am currently interested in setting up a three-legged network topology, > using OBSD+PF as the firewall appliance. Originally, I was going to simply > have the firewall equipped with three network cards: one for DMZ, one for > LAN, the other for EXT/WAN/Internet (whatever you call this). The idea was > for a switch to be used on both DMZ and LAN, providing NAT on both > segments. > Pretty straight forward. > > Recently, it has been suggested that a transparent firewall implementation > is ideal where possible. But as far as I understand, transparency is only > available when the firewall acts as a bridge between TWO networks. How > would > I keep my DMZ and LAN both while using a bridging firewall. Is it even > possible? What do you mean? Whether OpenBSD supports bridging? Whether PF supports L2-based filtering? Whether you can have two interfaces in a bridge and have, at the same time, L2-based filtering and L3-based filtering? By L2-based filtering I mean having the firewall inspect frames/packets from interfaces that are bridged together that do not have an IP address configured (i.e. L2-switching). -- http://www.felipe-alfaro.org/blog/disclaimer/