Post by jggimi (4 Weeks Ago)
Join Date: May 2008
Location: USA
Posts: 6,810

I had some time this evening to replicate the environment. Two routers, 4 subnets, and terminal workstations/servers on all 4 networks. I used your addressing schema, and did not test https or NAT. Pings and ssh sessions were the extent of my tests.

I was able to establish ssh sessions from the $mgt network to the new $dmz_ops network by adding the following lines to the pf.conf I posted earlier in this thread and using it in Router 1.
Code:
.
.
# macro for the new subnet, which sits behind Router 2
dmz_ops = "192.168.15/24"
.
.
# allow (and log) ssh from the management network to the new subnet
pass log proto tcp from $mgt to $dmz_ops port ssh
.
.
The pf.conf(5) file in Router 2 was the default file from 6.6-release.

Router 1 requires a static route(8) for the $dmz_ops subnet. As an example, the hostname.if(5) file on Router 1 that defined the $dmz subnet contains:
Code:
# Router 1's address on the $dmz subnet
10.12.0.1/16
# once the interface is up, reach $dmz_ops via Router 2 (10.12.0.2)
!route add 192.168.15.0/24 10.12.0.2
Any devices that do not use Router 1 as their default/gateway route will need a similar static route added to reach the $dmz_ops subnet.
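The following Python script is an added example, not code from the post above or from OpenBSD. It models the two-router lab as a set of forwarding tables and traces a packet with the same longest-prefix-match lookup the kernel's route(8) performs, to show why Router 1 needs the `!route` line and why a $dmz device whose default gateway is not Router 1 needs its own static route. Everything not stated in the post is an assumption: $mgt is taken to be 10.10.0.0/24 with Router 1 at 10.10.0.1, the workstation and server addresses (.50, .100) are made up, Router 2 is given a default route back to Router 1, and 10.12.0.254 stands in for some other gateway. pf filtering (the pass rule) is not modelled.

```python
"""Longest-prefix-match forwarding trace for the two-router lab.

Added example, not code from the post.  Addresses not given in the post are
assumptions: $mgt is modelled as 10.10.0.0/24 with Router 1 at 10.10.0.1,
Router 2 gets a default route back to Router 1, and 10.12.0.254 stands in
for a gateway that is not Router 1.  pf filtering is not modelled.
"""
import ipaddress

ON_LINK = "on-link"  # next-hop marker for a directly connected destination


class Node:
    """A host or router: attached interfaces plus static routes."""

    def __init__(self, name, interfaces, routes=()):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(i) for i in interfaces]
        # Forwarding table entries are (network, next hop).  Connected
        # networks are delivered on-link; everything else goes via a gateway.
        self.table = [(i.network, ON_LINK) for i in self.ifaces]
        for dest, gw in routes:
            self.add_route(dest, gw)

    def add_route(self, dest, gw):
        """Equivalent of 'route add dest gw' (or a !route line in hostname.if)."""
        self.table.append((ipaddress.ip_network(dest), ipaddress.ip_address(gw)))

    def addresses(self):
        return {i.ip for i in self.ifaces}

    def next_hop(self, dst):
        """Longest-prefix match: the most specific matching entry wins."""
        best = None
        for net, gw in self.table:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw)
        return None if best is None else best[1]


def trace(lab, src, dst, max_hops=8):
    """Follow a packet from node 'src' to address 'dst'.

    Returns the list of nodes traversed followed by the outcome
    ('delivered', 'no route', 'unreachable next hop ...', 'ttl exceeded').
    """
    dst = ipaddress.ip_address(dst)
    by_addr = {a: n for n in lab.values() for a in n.addresses()}
    node, path = lab[src], [src]
    for _ in range(max_hops):
        if dst in node.addresses():
            return path + ["delivered"]
        hop = node.next_hop(dst)
        if hop is None:
            return path + ["no route"]
        target = dst if hop is ON_LINK else hop
        if target not in by_addr:  # nothing answers ARP for that address
            return path + ["unreachable next hop %s" % target]
        node = by_addr[target]
        path.append(node.name)
    return path + ["ttl exceeded"]


def build_lab(router1_static_route=True):
    """Router 1 joins $mgt and $dmz; Router 2 joins $dmz and $dmz_ops."""
    r1 = Node("router1", ["10.10.0.1/24", "10.12.0.1/16"])  # $mgt address assumed
    if router1_static_route:
        r1.add_route("192.168.15.0/24", "10.12.0.2")  # the !route line from the post
    lab = [
        r1,
        Node("router2", ["10.12.0.2/16", "192.168.15.1/24"],
             [("0.0.0.0/0", "10.12.0.1")]),  # assumed default route back to Router 1
        Node("mgt-ws", ["10.10.0.50/24"], [("0.0.0.0/0", "10.10.0.1")]),
        Node("ops-srv", ["192.168.15.50/24"], [("0.0.0.0/0", "192.168.15.1")]),
        # $dmz server whose default gateway is *not* Router 1 (assumed 10.12.0.254)
        Node("dmz-srv", ["10.12.0.100/16"], [("0.0.0.0/0", "10.12.0.254")]),
    ]
    return {n.name: n for n in lab}


if __name__ == "__main__":
    lab = build_lab()
    print(trace(lab, "mgt-ws", "192.168.15.50"))            # via router1 -> router2
    print(trace(lab, "ops-srv", "10.10.0.50"))               # return path
    print(trace(build_lab(False), "mgt-ws", "192.168.15.50"))  # Router 1 lacks the route
    print(trace(lab, "dmz-srv", "192.168.15.50"))            # default gw is not Router 1
    lab["dmz-srv"].add_route("192.168.15.0/24", "10.12.0.2")
    print(trace(lab, "dmz-srv", "192.168.15.50"))            # fixed by its own static route
```

Without the static route, Router 1 has only its two connected networks and drops the packet ("no route"); in a real deployment it would instead forward it out its default route toward the Internet, which is just as useless for reaching $dmz_ops. The dmz-srv case shows the last point of the post: a $dmz machine whose default gateway is something other than Router 1 never sees Router 1's route and needs its own `route add 192.168.15.0/24 10.12.0.2`.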