DaemonForums  

shep (3rd April 2017)

Quote:
Wait! What? How does that even work? Two devices have the same IP address, one static, one dhcp? You forced them to bridge? Can you do that? But, they still have private addresses, so I guess your ADSL+router is the main router+firewall in your castle?

One device was the server and I initially had it set to offer a limited number of IP addresses. The client device would request a single IP address within the narrow range offered by the server. It worked, I believe, because the static address the client was requesting was available at the server and no other client devices were requesting addresses.

I have since changed the server (Netis DL4201) to offer a static address to my Linksys SOHO router's MAC.

In my setup the Netis ADSL modem only routes to the SOHO Linksys router. I turned everything else (ftp server, UPnP) in the ADSL Netis modem off. The Linksys router does most of the routing to static NIC devices and dhcp wireless devices.

I have never configured a cable modem but my sense is from the forum comments that most users do not use bridge mode when setting up an OpenBSD pf firewall.

Last edited by shep; 3rd April 2017 at 08:34 PM. Reason: Added cable modem comment

jggimi (3rd April 2017)

Quote:
Originally Posted by shep:
I have never configured a cable modem but my sense is from the forum comments that most users do not use bridge mode when setting up an OpenBSD pf firewall.

I've used several, over several decades. Each time, the cable modems I used *were* bridges.

I've never used an ISP-provided cable modem that was integrated with a SOHO router. But they are very popular with non-technical cable customers.

I was a VDSL customer for a number of years, where at the time my only choice was an ISP-provided router. While it did not have a "bridge mode," it did have what the vendor called "SuperDMZ mode" which was the equivalent. The device didn't bridge directly because it was also providing multicast IPTV to set-top boxes on the local network.

beiroot (3rd April 2017)

Quote:
While it did not have a "bridge mode," it did have what the vendor called "SuperDMZ mode" which was the equivalent. The device didn't bridge directly because it was also providing multicast IPTV to set-top boxes on the local network.

This gave me an idea, because my ISP's ADSL+router has a DMZ functionality, but I don't know if it's "superDMZ". And it also has IPTV (I don't use it - too slow connection where I live) and multicasts - I saw it on tcpdump.

jggimi, what's the trick behind "superDMZ"?

I hope my DMZ doesn't just forward packets from ext_ip to int_ip without filtering them. This would still require nat or static routing.


---------------------------------------------------------------------

shep, ok, but what additional value does this solution have?

ADSL 1--> Router 2--> stuff
1. first dhcp, now static
2. static for wire, dhcp for wireless

If you have one subnet, imho - zero. You could as well address your ADSL 192.168.2.1, your router 192.168.2.2 and the rest as you wish (dhcp or static).

If you have two subnets - you would still need either NAT or static routing so also zero.

It seems like a very normal solution to me and this is not quite the answer to my question.
But I might not have understood something correctly or be lacking knowledge. If so, please correct me.

Last edited by beiroot; 3rd April 2017 at 02:55 PM. Reason: answering shep

jggimi (3rd April 2017)

Quote:
Originally Posted by beiroot:
jggimi, what's the trick behind "superDMZ"?

No trick. I just enabled it, telling the gateway which device to assign.

shep (3rd April 2017)

Quote:
shep, ok, but what additional value does this solution have?
ADSL 1--> Router 2--> stuff

Put a pf firewall between ADSL1 and Router2, particularly if ADSL1 and Router 2 are not OpenBSD friendly.