3rd January 2011
ocicat
Join Date: Apr 2008
Posts: 3,297

Originally Posted by unixjingleman
> So the dedicated firewall (OpenBSD box) can do NAT and DHCP for the servers (in the DMZ) and the hosts on the internal network?

Yes, however, there is an advantage to separating functionality (firewall & DHCP) if you have the hardware.

> So should I put the interface that connects the OpenBSD dedicated firewall to the external router/modem (router and modem in one) in the DMZ of the external router/modem?

Your modem/router was designed to be used as a single device serving multiple functions. By inserting another box running OpenBSD & pf(4), you are deprecating the firewall functionality of your modem/router. As such, I would connect the OpenBSD firewall's external address to the modem/router's internal DMZ interface.