17th August 2011
tomp
Real Name: Tom Purvis
clarifying question:

Originally Posted by ocicat:
... If the contract you have with your ISP is to supply you a single IP address, & you wish to have several hosts on the internal network each individually connect to the Internet independently, the only solution you have is to configure NAT at the exterior router -- in other words, configure NAT in pf(4).

If you configured your OpenBSD pf(4) system as a bridge, it will be acting as a switch with only two ports. If you are familiar with the OSI networking model, the OpenBSD system will be functioning at Layer 2/Data link layer instead of Layer 3/Networking layer (routers). As a bridge, your OpenBSD system will not have IP addresses assigned to its interfaces. However, note that configuring your OpenBSD system as a bridge will also mean that it cannot be configured for NAT. Only a single device can be connected on each side of this bridge...

We do have a single internet IP address.

What I hear you saying is that I have two options that will work, the first one where the DSL Modem/Router goes to bridge mode with NAT and Firewall off, and then our OpenBSD box functions as a NAT router and firewall via PF. And the second one where the Modem/Router does NAT, the current BSD box is a bridge, and there's another box of some kind that does the routing.


I think the former option is the way we will go.

Thanks everyone. This forum is very useful.