DaemonForums  

#1  leave0, 19th January 2021
route config

Hi guys, I have two computers, A: OpenBSD and B: Windows. They are both on the same router and use DHCP to connect to the internet; their IPs are A: 192.168.10.13 and B: 192.168.10.14. I changed B's IP to 192.168.3.2, and I want B to use A as a router to connect to the internet. How do I configure it? Thanks.

#2  jggimi, 19th January 2021

Your OpenBSD computer needs to become a router, which requires two Network Interface Cards (NICs). One of the NICs must be connected to the "outer" subnet (192.168.10/24), the other NIC must be provisioned for use on the "inner" subnet (102.168.3/24). The "inner" subnet would also require either provisioning with Network Address Translation (NAT) or the outermost ISP-provided router would need to have a routing table entry added to know that the 102.168.3/24 subnet is connected via the (new) router at 192.168.10.13. Lastly, IPv4 packet forwarding must be provisioned in sysctl.conf(5).

The TL;DR - If computer A doesn't have 2 NICs, you cannot use it as a router. If you have 2 or more NICs, you can use it as a router but networking knowledge is required for success.

#3  leave0, 20th January 2021

I have been learning TCP/IP in recent days, and the guy who teaches it mentioned "route on a stick". "You can set 2 IP addresses on one net card in a Linux computer," he says. I am not sure whether it works or not.

#4  jggimi, 20th January 2021

"Router on a stick" is a term applied to networks that deploy managed switching equipment which support IEEE 802.1Q Virtual LANs. VLANs permit multiple logical Ethernet networks to share the same physical media for their backbone communications, and then isolate individual Ethernet networks physically as needed. This is done through provisioning of managed switches where ports can be assigned as shared by specific multiple Ethernets or isolated to individual Ethernets.

OpenBSD supports 802.1Q VLANs through the vlan(4) driver, and nested VLANs through the svlan(4) driver. These drivers require connecting with equipment that support the IEEE 802.1Q and IEEE 802.1ad Ethernet protocols, respectively.

https://en.wikipedia.org/wiki/Router_on_a_stick

https://en.wikipedia.org/wiki/Virtual_LAN

#5  leave0, 21st January 2021

Thank you, I am too lazy!

#6  jggimi, 21st January 2021

In further answer to your original question --- here is an ASCII "graphic" of two local networks: There is a single "gateway" router to the Internet, which may be ISP-provided, and there is a second router between the two networks, which might be your OpenBSD platform.
Code:
{Internet} - [Router A] - {Outer Network} - [Router B] - {Inner Network} - [Workstation]
Consider:
  • Router B has two NICs, which are on two different subnets.
  • Devices on the Inner Network, such as the Workstation, need only know about their local subnet through their assigned IP address and netmask, and have a default route to all other addresses through Router B.
  • Devices on the Outer Network, which are not shown, have two entries in their routing tables: a route to devices on the Inner Network through Router B, and a default route to all other addresses through Router A.
  • Router B has two subnets provisioned on two NICs. It needs a default route to all other addresses through Router A.
  • Router A has a NIC on the Outer Network, and has a default route through the ISP to the Internet. It needs a route added to its routing tables to reach the Inner Network through Router B.
A "Router on a Stick" in this environment could reduce the number of NICs required by Router B to a single physical NIC; it would require a managed switch with a minimum of 3 ports provisioned:
  1. A port provisioned to connect to the Outer Network.
  2. A port provisioned to connect to the Inner Network.
  3. A port connecting to Router B, provisioned with both the Inner and Outer Networks as VLANs.
The ports connecting to the Inner Network and Outer Network could be point-to-point with the Workstation or Router A, if there were no other devices on these networks. Otherwise, they should be connected through Ethernet switches to multiple devices on the respective networks.
Reply With Quote
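
The setup described in posts #2 and #6, written out as OpenBSD configuration files (an added example, not part of the original thread). Assumptions: interface names em0/em1, Router A at 192.168.10.1, Router B's inner address 192.168.3.1 on 192.168.3.0/24 (taken from the workstation address 192.168.3.2 in post #1), and VLAN IDs 10 and 3.

```conf
## Two-NIC Router B (post #2)

# /etc/sysctl.conf : enable IPv4 packet forwarding at boot
net.inet.ip.forwarding=1

# /etc/hostname.em0 : NIC on the Outer Network (address from post #1)
inet 192.168.10.13 255.255.255.0

# /etc/hostname.em1 : NIC on the Inner Network (address is an assumption)
inet 192.168.3.1 255.255.255.0

# /etc/mygate : default route through Router A (address is an assumption)
192.168.10.1

# /etc/pf.conf : NAT the inner subnet behind Router B's outer address
outer = "em0"
inner = "em1"
inner_net = "192.168.3.0/24"
set skip on lo
match out on $outer inet from $inner_net to any nat-to ($outer:0)
block return                            # default deny
pass out inet                           # traffic leaving Router B
pass in on $inner inet from $inner_net  # only the inner subnet may transit

# Without NAT, drop the match rule and instead add a route for
# 192.168.3.0/24 via 192.168.10.13 on Router A (and on other Outer
# Network hosts), as post #6 describes.

## Router on a stick: one NIC, two tagged VLANs (post #6)
# Replaces hostname.em0/em1 above; in pf.conf set outer = "vlan10" and
# inner = "vlan3". VLAN IDs 10 and 3 are assumptions and must match the
# managed switch's trunk port.

# /etc/hostname.em0 : physical trunk port, no address of its own
up

# /etc/hostname.vlan10 : Outer Network
parent em0 vnetid 10
inet 192.168.10.13 255.255.255.0

# /etc/hostname.vlan3 : Inner Network
parent em0 vnetid 3
inet 192.168.3.1 255.255.255.0
```

The Windows workstation at 192.168.3.2 then uses 192.168.3.1 as its default gateway. The `block return` default also drops unsolicited connections arriving on the outer interface, including ones addressed to Router B itself.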