#5
16th January 2011
unixjingleman
Fdisk Soldier
Join Date: Jan 2011
Posts: 70

The border router has its own firewall. The OpenBSD box was going to be just the firewall for the internal network. So I have a firewall protecting the servers (on the border router) and a firewall protecting the internal network. The OpenBSD box would just separate the internal network from the perimeter network and control access between these two areas. Like I say, I tried to have the OpenBSD box as a triple-homed box that was in the border router's DMZ, but this proved too tricky, due to the fact that the border router is just a home router.
What I needed to know is: Is it alright to have all interfaces apart from the OpenBSD dedicated firewall's external interface configured as static internal addresses that are all on the same subnet as the border router's internal interface (192.168.1.*) but are outside of the DHCP range (addresses that the border router gives out)? Or should I assign a static internal IP address for the OpenBSD box's internal interface that is on a different subnet to its external interface (192.168.2.*) and then have this internal interface do DHCP and NAT for the internal network and give out addresses to the internal network that are on the 192.168.2.* subnet?
So should I do:
Code:
                  192.168.2.10      192.168.1.67             192.168.1.254
                 (int interface)   (ext interface)        (internal interface)
                        |--------------|                     |---------------|
-----|------------------|   OpenBSD    |----------|----------| border router |
     |                  |--------------|          |          |---------------|
192.168.2.20                                      |
internal host                          servers on 192.168.1.*
Or should I just have all machines with static internal addresses (192.168.1.*) that are on the same subnet as the internal interface of the border router but outside of its DHCP range? Which is technically the best idea? I realise that if the OpenBSD box is doing DHCP for the internal network then the addresses it gives out will have to be on a different subnet than the addresses given out via DHCP by the border router.
The diagram is slightly simplified. Obviously switches are involved (the servers and the OpenBSD box are on a switch that is attached to the border router. The internal host(s) are on a switch that is attached to the OpenBSD firewall box). Also I'm very sorry to keep bothering you all. I really am very grateful for all the help I'm getting. I understand if you don't want to help me any further.
Thank you for your time and replies.
Regards unixjingleman