3rd January 2011
ocicat

Originally Posted by unixjingleman:
But, when I think of any of the dedicated firewall's or servers' interfaces it doesn't make sense to me to put any of them in the router/modem's DMZ (I'm thinking it would be better for the dedicated firewall's and the servers' interfaces to have static private IPs, i.e. etc., right?).
I can only assume that you are getting some dynamic DHCP address assigned from your provider. That's fine. The external interface on your firewall can be configured for dynamic addresses.

Otherwise, you are correct. A firewall must be configured with different subnets on the different interfaces. The interface used for your private network can use private addresses. You have the choice of either setting up each internal host with static IP addresses on their interfaces, or you can configure a DHCP server within your internal network to assign dynamic addresses.

As a newcomer to OpenBSD & pf(4), you will save yourself significant time & aggravation by studying the official FAQ including the PF User's Guide along with the pf(4) manpage. The only third-party introduction to pf(4) worth the time to study is Hansteen's manuscript:
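Added example, not part of ocicat's post: a minimal pf.conf for the layout the reply describes, with a DHCP-assigned external interface and a private subnet on the internal one. The interface names em0 and em1 and the 192.168.1.0/24 subnet are assumptions.

```conf
# /etc/pf.conf: constructed example; em0, em1 and 192.168.1.0/24 are assumptions
#
# Assumed interface setup (one line per file):
#   /etc/hostname.em0:  dhcp        (inet autoconf on current releases)
#                       external side, lease handed out by the router/modem
#   /etc/hostname.em1:  inet 192.168.1.1 255.255.255.0
#                       internal side, static private address

ext_if = "em0"
int_if = "em1"

set skip on lo
set block-policy drop

# Default deny in both directions, logged to pflog0
block log all

# NAT the private subnet behind the external address. The parentheses
# around $ext_if make pf follow the interface's current address, so the
# rule stays correct when the DHCP lease changes. Without them the
# address is resolved once, when the ruleset is loaded.
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# Drop packets that claim an internal source address but arrive on
# any interface other than the internal one
antispoof quick for $int_if

# Outbound traffic is allowed and tracked by state; inbound is accepted
# only from the private subnet on the internal interface
pass out quick inet
pass in on $int_if inet from $int_if:network
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules go live.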