Quote:
Originally Posted by unixjingleman
But, when i think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ( I'm think it would be better for the dedicated firewall's and the servers' interfaces to have static private I.Ps ie 192.168.2.4 etc right?).
|
I can only assume that you are getting some dynamic DHCP address assigned from your provider. That's fine. The external interface on your firewall can be configured for dynamic addresses.
Otherwise, you are correct. A firewall must be configured with different subnets on the different interfaces. The interface used for your private network can use private addresses. You have the choice of either setting up each internal host with static IP addresses on their interfaces, or you can configure a DHCP server within your internal network to assign dynamic address.
As a newcomer to OpenBSD &
pf(4), you will save yourself significant time & aggravation by studying the
official FAQ including the
PF User's Guide along with the
pf(4) manpage. The only third-party introduction to
pf(4) worth the the time to study is Hansteen's manuscript:
http://home.nuug.no/~peter/pf/