Re: bridge(4) question new network setup

2023-01-20 Thread David Gwynne
On Fri, Jan 20, 2023 at 11:09:47AM -0800, patrick keshishian wrote:
> Hello,
> 
> I am trying to get a new ISP setup working.  The Router is
> causing some pain.  There is a /28 public block assigned.
> The DSL router can't be configured in transparent bridge
> mode (they say).  It holds on to one of the /28 addresses.

i'm sure they say that, but that doesn't mean it's impossible. this
will be a lot easier and more useful if you can get a dsl modem
into bridge/transparent mode and do all the routing on your own
box.

that would also give you the option to do fun stuff like NOT putting
the /28 onto an ethernet network so you could use all 16 of the
IPs on dmz hosts instead of losing some to network/broadcast/gateway.

> The setup looks something like this:
> (and hopefully the ascii "art" remains intact from gmail)
> 
>         ( internet )
>              |
>              | [WAN IP]
>       +------o------+
>      / DSL ROUTER  / <-- Transparent bridge mode NOT possible
>     +------o------+
>            | [ one of /28 Public IPs = $dslgw_ip ]
>            |
>            |
>            | $ext
>     +------o------+
>     |             |
>     | OpenBSD/pf  o--- ( rest of /28 Public IP network )
>     |             | $dmz  (DMZ: httpd, smtpd, ...)
>     +------o------+
>       $lan | [10.x.x.1]
>            |
>     ( 10.x.x.x network )
> 
> 
> As far as networking goes, I need to be spoken to as if I'm
> a fledgling.
> 
> I want to do the obvious: use OpenBSD/pf(4) to:
>  - Filter traffic from $ext to $dmz
>  - Filter traffic from $dmz outbound
>  - Filter traffic from $lan (10.x.x.x) to $dmz
>  - NAT traffic from $lan (10.x.x.x) outbound to internet
> 
> 
> I'm bridge(4)-ing $ext and $dmz.  Which means I must give
> one of the /28 public IP addresses to either $ext or $dmz
> to be able to do:
> 
> # route add default $dslgw_ip
> 
> (!?)
> 
> Am I missing something?
> Is there a better way to configure things?
> 
> Thanks,
> --patrick
> 



Re: bridge(4) question new network setup

2023-01-20 Thread Hrvoje Popovski
On 20.1.2023. 20:09, patrick keshishian wrote:
> Hello,
> 
> I am trying to get a new ISP setup working.  The Router is
> causing some pain.  There is a /28 public block assigned.
> The DSL router can't be configured in transparent bridge
> mode (they say).  It holds on to one of the /28 addresses.
> 
> The setup looks something like this:
> (and hopefully the ascii "art" remains intact from gmail)
> 
>         ( internet )
>              |
>              | [WAN IP]
>       +------o------+
>      / DSL ROUTER  / <-- Transparent bridge mode NOT possible
>     +------o------+
>            | [ one of /28 Public IPs = $dslgw_ip ]
>            |
>            |
>            | $ext
>     +------o------+
>     |             |
>     | OpenBSD/pf  o--- ( rest of /28 Public IP network )
>     |             | $dmz  (DMZ: httpd, smtpd, ...)
>     +------o------+
>       $lan | [10.x.x.1]
>            |
>     ( 10.x.x.x network )
> 
> 
> As far as networking goes, I need to be spoken to as if I'm
> a fledgling.
> 
> I want to do the obvious: use OpenBSD/pf(4) to:
>  - Filter traffic from $ext to $dmz
>  - Filter traffic from $dmz outbound
>  - Filter traffic from $lan (10.x.x.x) to $dmz
>  - NAT traffic from $lan (10.x.x.x) outbound to internet
> 
> 
> I'm bridge(4)-ing $ext and $dmz.  Which means I must give
> one of the /28 public IP addresses to either $ext or $dmz
> to be able to do:
> 
> # route add default $dslgw_ip
> 
> (!?)
> 
> Am I missing something?
> Is there a better way to configure things?
> 
> Thanks,
> --patrick
> 

Hi,

If your ext interface is in same subnet as that /28 from your ISP then
you could:

- use veb(4) to bridge ext, dmz and vport(4) interface and add default
route to dslgw_ip. vport is ip interface for veb

- or on ext interface put ip alias with ip addresses from /28 public
range and then do binat-to or nat-to in pf to hosts in dmz

or maybe i totally misunderstood you  :)
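
A sketch of the first option above (veb(4) plus vport(4)) with a pf.conf covering the four filtering goals in the original question. This is an added example, not configuration posted by anyone in the thread; the interface names em0/em1/em2, the 203.0.113.0/28 block standing in for the ISP's /28, the 10.0.0.0/24 LAN and the two DMZ hosts are all assumptions.

```conf
# --- /etc/hostname.em0  ($ext, cable to the DSL router; no address) ---
up
# --- /etc/hostname.em1  ($dmz, DMZ switch; no address) ---
up
# --- /etc/hostname.em2  ($lan; constructed LAN range) ---
inet 10.0.0.1 255.255.255.0
# --- /etc/hostname.vport0  (the firewall's own address inside the /28) ---
inet 203.0.113.2 255.255.255.240
up
# --- /etc/hostname.veb0 ---
add em0
add em1
add vport0
link1   # assumption: enables pf on the member ports; confirm in veb(4)
up
# --- /etc/mygate  ($dslgw_ip, constructed) ---
203.0.113.1
# --- /etc/sysctl.conf  (routing between $lan and vport0) ---
net.inet.ip.forwarding=1
# --- /etc/pf.conf ---
ext  = "em0"
dmz  = "em1"
lan  = "em2"
web  = "203.0.113.3"    # constructed DMZ hosts; their gateway is $dslgw_ip
mail = "203.0.113.4"
set skip on lo
# NAT $lan behind the firewall's public address as it leaves via vport0
match out on vport0 inet from $lan:network nat-to (vport0)
# policy is enforced where a packet enters the firewall
block in log all
pass out all
# $ext to $dmz: only the published services
pass in on $ext inet proto tcp to $web port { 80 443 }
pass in on $ext inet proto tcp to $mail port 25
# $dmz outbound: only the DMZ hosts' own addresses, never toward the LAN
pass in on $dmz inet from { $web $mail } to ! $lan:network
# $lan to $dmz and to the internet
pass in on $lan inet from $lan:network
```

After loading, `pfctl -sr` and `tcpdump -ni pflog0` show which rule each flow hits; ARP is bridged between em0 and em1 without passing through pf.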




bridge(4) question new network setup

2023-01-20 Thread patrick keshishian
Hello,

I am trying to get a new ISP setup working.  The Router is
causing some pain.  There is a /28 public block assigned.
The DSL router can't be configured in transparent bridge
mode (they say).  It holds on to one of the /28 addresses.

The setup looks something like this:
(and hopefully the ascii "art" remains intact from gmail)

        ( internet )
             |
             | [WAN IP]
      +------o------+
     / DSL ROUTER  / <-- Transparent bridge mode NOT possible
    +------o------+
           | [ one of /28 Public IPs = $dslgw_ip ]
           |
           |
           | $ext
    +------o------+
    |             |
    | OpenBSD/pf  o--- ( rest of /28 Public IP network )
    |             | $dmz  (DMZ: httpd, smtpd, ...)
    +------o------+
      $lan | [10.x.x.1]
           |
    ( 10.x.x.x network )


As far as networking goes, I need to be spoken to as if I'm
a fledgling.

I want to do the obvious: use OpenBSD/pf(4) to:
 - Filter traffic from $ext to $dmz
 - Filter traffic from $dmz outbound
 - Filter traffic from $lan (10.x.x.x) to $dmz
 - NAT traffic from $lan (10.x.x.x) outbound to internet


I'm bridge(4)-ing $ext and $dmz.  Which means I must give
one of the /28 public IP addresses to either $ext or $dmz
to be able to do:

# route add default $dslgw_ip

(!?)

Am I missing something?
Is there a better way to configure things?

Thanks,
--patrick



Re: Making MS teams work on openbsd

2023-01-20 Thread Peter Hessler
On 2023 Jan 20 (Fri) at 19:20:10 +1100 (+1100), curmudg...@telaman.net.au wrote:
:Perhaps doing up a package of Jami for BSDs would be a cleaner/better option?

People don't _want_ to run MS Teams.  People _need_ to run MS Teams so
they can communicate with co-workers or partner companies.

Offering some random other service won't actually help solve that
problem.


-- 
Keep emotionally active.  Cater to your favorite neurosis.



Re: Making MS teams work on openbsd

2023-01-20 Thread curmudgeon

On 2023-01-20 17:25, Divan Santana wrote:

Thomas Frohwein writes:

On Wed, Jan 18, 2023 at 10:19:25PM +0200, Divan Santana wrote:

Greetings friends :)

In short MS teams works via chrome on openbsd7.2 for me except for the
camera.

I was on an MS Teams meeting a few weeks ago with camera working. The
main issue from my experience was the web client auto disconnecting
after a while.

I guess it's somewhat hardware based.

(The camera with webrtc works fine for other sites, just not teams)

The screen share too works, but not the camera.  It detects the camera,
but when you try switch it on, it remains black.

I've seen testing/preview camera output being just a black rectangle, but
it worked in the meeting itself.

Yeah for me, it's black in screen preview and when one goes into the
meeting it doesn't work immediately with something like

"Your camera stopped working" says teams...

Shortly after visiting teams I went to jitsi in the same chrome browser.

When I joined the meeting, my openbsd72 system froze with the fans
making lots of noise.  That also happens sometimes to me.

This is with export ENABLE_WASM=1 on.

My camera is via usb:

Jan 19 22:01:24 swift /bsd: uvideo0 at uhub1 port 9 configuration 1
interface 0 "Logitech Webcam C310" rev 2.00/0.12 addr 5

But generally the camera normally works in chrome at jitsi and other sites.

Creating a virtual camera with lower specs, may be worth a shot.

Any workaround is better than nothing, painful or not.

Perhaps doing up a package of Jami for BSDs would be a cleaner/better option?

I wouldn't pollute my harddrive with anything MS, quite frankly.
For me, straightaway that would be a security issue, at the least.

https://jami.net/

Cheers!