Quote:
Originally Posted by SchippStrich
If the two internal interfaces are attached to the box running PF with my default deny policy, wouldn't traffic be blocked on all interfaces unless explicitly mentioned to pf?
That's how I understand it.
That is correct, with a default deny policy you have to explicitly define rules which allow traffic between 192.168.1.0/24 and 192.168.2.0/24.
But you also need to define default gateways.
- The boxes of the 192.168.1.0/24 network need to define 192.168.1.1 as the default gateway.
This means that all traffic with a non-192.168.1.0 destination needs to be directed to 192.168.1.1.
- The wireless clients on 192.168.2.0/24 need to be told that 192.168.2.1 is the default gateway.
Here the non-192.168.2.0 packets need to be sent to 192.168.2.1.
You can set the default gateway on OpenBSD machines without rebooting with
Code:
# route add default 192.168.1.1
For a permanent, reboot-surviving setting use
Code:
# echo 192.168.1.1 >/etc/mygate
Or configure DHCP on the OBSD router to do this.
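
An added pf.conf sketch of the point made in the reply above (not part of the original post): with a default deny policy, traffic between the two subnets needs explicit pass rules, both where it enters the router and where it leaves. The interface names `em1` and `em2` and the macro names are assumptions; the addresses are the ones from the thread.

```conf
# Constructed example. Interface names are assumptions, not from the thread.
lan_if   = "em1"              # assumed wired interface, 192.168.1.1
wlan_if  = "em2"              # assumed wireless interface, 192.168.2.1
lan_net  = "192.168.1.0/24"
wlan_net = "192.168.2.0/24"

# Prerequisite outside pf: the box only routes between the subnets
# when net.inet.ip.forwarding=1 is set via sysctl.

set skip on lo

# Default deny: applies to every interface, in both directions.
block all

# A forwarded packet is filtered twice: once inbound on the interface
# it arrives on, once outbound on the interface it leaves through.
# With "block all" both directions need their own pass rule.

# Wired clients reaching the wireless network
pass in  on $lan_if  inet from $lan_net  to $wlan_net
pass out on $wlan_if inet from $lan_net  to $wlan_net

# Wireless clients reaching the wired network
pass in  on $wlan_if inet from $wlan_net to $lan_net
pass out on $lan_if  inet from $wlan_net to $lan_net
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules go live.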