External IPs
Hello
I have an ADSL modem with 4 addresses for my own use. I am using OpenBSD and PF and I would like to assign these 4 addresses to some local hosts. I don't want to use binat. I want to assign public IPs to the hosts behind the server. Thanks
|
|||
Configure your OBSD firewall as a transparent bridge, having no IP addresses. Let the hosts use DHCP to get the addresses from the ADSL modem.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
Hi
J65nko, but this router is also doing NAT, queueing, and filtering traffic for other computers. Only for a few computers I would like to assign these external addresses... Is there any way? Proxy ARP or something? PS: I can't add another NIC. Thanks for help
|
|||
There is an example of proxy ARP configuration in the arp man page.
But I would advise to get another box that you can equip with 3 NICs (external, DMZ and internal). If you have servers with a public address in your local LAN, those servers, if compromised, can be used to launch an attack against the complete local LAN. By placing the servers/hosts inside a DMZ these servers still could be compromised, but not used as a base for attacking your internal network.
|
|||
Hi!
J65nko, so what if I change my ISP and get from him 2 class C networks, for example xx.xx.xx.1-254 and xx.xx.xy.1-254? Then if I want to assign addresses to my users, must I use binat? Thanks
|
|||
Entire Class C networks are no longer allocated due to address depletion, unless a significant amount of money is exchanged. For home usage, the price would be astronomical, & far from practical.
|
|
|||
Ocicat, I am asking about a way to assign public IP addresses to users without binat; that was only an example.
Thanks
|
|||
If your users use OpenBSD and have a 'bge' NIC you create a proper "/etc/hostname.bge0" file.
Code:
$ cat /etc/hostname.bge0
#dhcp NONE NONE NONE
inet 192.168.222.20 255.255.255.0 NONE
!ifconfig bge0 media 100baseTX mediaopt full-duplex
Or you set up a local DHCP server.
But I still don't understand why you insist on using public IP addresses.
|
|||
OK
I tried to set up proxy ARP without any results. I have got from my ISP a class with prefix /29; one address is reserved for the network, one for the modem and one for broadcast, so out of 8 addresses I have 5 for my own use. I divided my /29 class into two /30 classes. One I left on the external interface for NAT users behind the router and the second I assigned to the internal interface as an alias. Like J65nko said, I looked in the manual for setting up proxy ARP and I added:
Code:
arp -s 204.1.2.3 00:90:27:bb:cc:dd pub
|
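Added example, not part of the original posts: it works out the address roles for the /29-into-two-/30s split described above and compares the number of public host addresses it leaves with keeping the /29 as one subnet (the proxy ARP layout). The prefix 203.0.113.0/29, the modem address and the function names are constructed for illustration; the router is assumed to take the free outer address and the first inner address.

```python
import ipaddress

def plan_routed_split(block, modem):
    """Role of every address when a /29 is cut into two /30s (outer = modem side)."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(modem)
    if net.prefixlen != 29 or gw not in net:
        raise ValueError("expected a /29 that contains the modem address")
    halves = list(net.subnets(new_prefix=30))
    outer = next(h for h in halves if gw in h)
    inner = next(h for h in halves if h != outer)
    if gw in (outer.network_address, outer.broadcast_address):
        # After the split the modem would sit on an unusable address.
        raise ValueError(f"{gw} is the network/broadcast address of {outer}")
    roles = {}
    for half, side in ((outer, "outer"), (inner, "inner")):
        roles[str(half.network_address)] = f"{side} network"
        roles[str(half.broadcast_address)] = f"{side} broadcast"
    roles[str(gw)] = "modem"
    router_ext = next(h for h in outer.hosts() if h != gw)
    roles[str(router_ext)] = "router external"
    first, second = inner.hosts()
    roles[str(first)] = "router internal alias"  # assumed assignment
    roles[str(second)] = "public host"
    return roles

def hosts_if_flat(block, modem):
    """Public host addresses left when the /29 stays one subnet and the
    router keeps one address for itself (the proxy ARP layout)."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(modem)
    free = [h for h in net.hosts() if h != gw]
    return len(free) - 1  # one of the free addresses goes to the router

if __name__ == "__main__":
    block, modem = "203.0.113.0/29", "203.0.113.1"  # constructed sample values
    plan = plan_routed_split(block, modem)
    for addr in sorted(plan, key=ipaddress.ip_address):
        print(f"{addr:15} {plan[addr]}")
    print("public hosts, flat /29:", hosts_if_flat(block, modem))
```

With these sample values the routed split leaves a single public host address, while the flat /29 leaves four.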
|||
Unfortunately I am not able to try arp proxy.
My computer lab boxes except one, are still unpacked in the garage. Buying a house and a garden, both unmaintained for more than 3 years, probably is something I shouldn't have done
|
|||
Ok, someone else try to set it