Network Firewall Architecture
Dear All,

I had set up an ADSL connection with the following architecture.

Modem - OpenBSD(NAT + PPPOE) - LAN

Recently, I subscribed to a Coaxial Cable Connection, 10 Mbps. I believe the configuration must change because the internet connection is made at the Cable Modem rather than at the OpenBSD box. My Coaxial Cable modem is a Motorola Surfboard SBG901. According to this website, it needs OpenBSD to be set up in bridge mode, which I don't like because there is no IP address for the network interface, so no services can start up and bind to the network interface. Thus, I don't like this network architecture. Therefore, I think I need to set up my firewall like this.

Cable Modem (Disable DHCP and Disable WLAN) - OpenBSD(rl0 and rl1) - LAN

Questions: I don't know whether the NAT is performed on the Cable Modem or the OpenBSD box. Please enlighten me on this. Thanks.

It appears that the Motorola SBG901 does not have a "bridge" mode. Instead, you would use its "Advanced DMZ Host Page" and configure one device (your OpenBSD router) to manage an internal subnet, per page 49 of its manual. Both the SBG901 and your router would use NAT, but the only device on the SBG901's "customer" Ethernet segment would be your OpenBSD device.
Code:
{Internet} - [SBG901] - {customer Ethernet} - [OpenBSD] - {your managed network}
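
The double-NAT topology described in the reply above, as an added example that is not part of the original thread: a minimal pf.conf for the OpenBSD box behind the SBG901. The interface roles (rl0 facing the SBG901, rl1 facing the managed network) are assumptions; the thread names the interfaces but not which side each one is on.

```conf
# /etc/pf.conf for [OpenBSD] in:
# {Internet} - [SBG901] - {customer Ethernet} - [OpenBSD] - {your managed network}
# Assumption (not from the thread): rl0 faces the SBG901, rl1 faces the LAN.
ext_if = "rl0"
int_if = "rl1"

set block-policy drop
set skip on lo

# Default deny in both directions; log drops to pflog0 for review.
block log all

# Drop packets that claim a LAN source address but arrive on another interface.
antispoof quick for $int_if

# Second NAT stage (the SBG901 performs the first): rewrite LAN sources to
# whatever address rl0 holds. No pppoe interface is involved; the parentheses
# make pf follow the interface address if it changes.
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# LAN hosts may open connections to and through the firewall.
pass in on $int_if inet from $int_if:network

# The firewall itself and the NATed LAN traffic may leave towards the SBG901.
pass out on $ext_if inet

# No "pass in" rule exists for $ext_if. A DMZ host is typically handed
# unsolicited inbound traffic by the gateway, so only replies that match
# existing states are accepted on that side.
```

Forwarding between rl0 and rl1 also requires `net.inet.ip.forwarding=1` in /etc/sysctl.conf. The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.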

Dear jggmi,

Recently, I'm thinking of changing ISP. Thus, I wonder how this network setup is going to work with OpenBSD.

Questions: There is no dedicated IP assigned to an individual. The connection is dialed automatically AFAIK. How to perform NAT since there is no pppoe interface (External Interface)? How to achieve packet filtering with OpenBSD?

Last edited by Peter_APIIT; 11th December 2015 at 10:51 AM.

Hello,

When you are in bridge mode you can set up an IP address. Like

ifconfig br0

You might try to take a random public address for your OpenBSD so that you can reach it from the LAN (of course you won't be able to reach it from the internet).

OpenBSD(rl0 and rl1) - Cable Modem (Disable DHCP and Disable WLAN) - LAN

For clarity, an external ISP gateway device (such as a DSL modem) operating in "bridge mode" is different from an OpenBSD bridge(4) interface. To my understanding, OpenBSD bridge(4) interfaces are not applicable to Peter's question.
--- OpenBSD bridge(4) interfaces, when used, are not assigned IP addresses; only member interfaces may be assigned addresses. See the BRIDGE section of the ifconfig(8) man page for provisioning guidance.