IP addressing confusion
I'm wanting to set up a network. I'm still confused as to how to set it up. I think the easiest design is to have a switch on my border router. On this switch will be the servers. Also attached to this switch will be an OpenBSD box. This will be a dedicated firewall. On it will be another switch. And the machines on the internal network will be attached to this switch. In the book "Building Internet Firewalls" (O'Reilly) this setup is described as a screened subnet architecture. However, the external interface on the OpenBSD dedicated firewall will have to get its IP via DHCP (192.168.1.*) from the border router. That, or it can be a static IP on the same subnet as the border router's DHCP range 192.168.1.* (but outside the DHCP range), but that would be trickier. The internal interface of this dedicated firewall would be static and on a different subnet from the external interface (192.168.2.*). Then this internal interface could give out IPs to the internal network that are on 192.168.2.*, if it did NAT for packets from the internal network. But then NAT would be being done twice: once by the OpenBSD dedicated firewall and once on the border router, before going off to the net.
Or is it a better approach to NOT do NAT on the OpenBSD firewall and have all IPs on the whole network assigned as static (outside of the border router's DHCP range, but all on the same subnet (192.168.1.*))?
Basically, is there any point in the OpenBSD box doing DHCP and NAT for hosts on the internal network? I guess the answer is no. But I just wanted to hear your opinions, if you have the time.
The border router is a home router. I wanted to have a normal triple-homed dedicated firewall and put it in the border router's DMZ, but it proved unpredictable and tricky. So I just wondered what the best IP addressing scheme would be for my newer way.
Thank you for your time. And fare ye well