Quote:
Originally Posted by ocicat
... If the contract you have with your ISP is to supply you a single IP address, & you wish to have several hosts on the internal network each individually connect to the Internet independently, the only solution you have is to configure NAT at the exterior router -- in other words, configure NAT in pf(4).
If you configured your OpenBSD pf(4) system as a bridge, it will be acting as a switch with only two ports. If you are familiar with the OSI networking model, the OpenBSD system will be functioning at Layer 2/Data link layer instead of Layer 3/Networking layer (routers). As a bridge, your OpenBSD system will not have IP addresses assigned to its interfaces. However, note that configuring your OpenBSD system as a bridge will also mean that it cannot be configured for NAT. Only a single device can be connected on each side of this bridge...
We do have a single internet IP address.
What I hear you saying is that I have two options that will work, the first one where the DSL Modem/Router goes to bridge mode with NAT and Firewall off, and then our OpenBSD box functions as a NAT router and firewall via PF. And the second one where the Modem/Router does NAT, the current BSD box is a bridge, and there's another box of some kind that does the routing.
Yes?
I think the former option is the way we will go.
Thanks everyone. This forum is very useful.