Quote:
Originally Posted by unixjingleman
So the dedicated firewall(OpenBSD box) can do NAT and dhcp for the servers(in the DMZ) and the hosts on the internal network?.
|
Yes, however, there is an advantage to separating functionality
(firewall & DHCP) if you have the hardware.
Quote:
So should i put the interface that connects the OpenBSD dedicated firewall to the external router/modem(router and modem in one) in the DMZ of the external router/modem?.
|
Your modem/router was designed to be used as a single device serving multiple functions. By inserting another box running OpenBSD &
pf(4), you are deprecating the firewall functionality of your modem/router. As such, I would connect the OpenBSD firewall's external address to the modem/router's internal DMZ interface.