OpenBSD Vlan setup
Greetings,
I am currently in the process of setting up a new firewall/router using OpenBSD 6.7 due to some issues I am having with my current firewall. I have multiple VLANs configured on my switch and existing firewall. In my case, I have VLANs 1, 10 and 999. The problem I am having is that I have seen a couple of walkthroughs for this where they have em0 and em1, but assign the parent to em0. Should I be assigning hostname.vlan10 as such: "inet 192.168.0.2 255.255.255.0 192.168.0.255 vnetid 10 parent em0", or should it be "inet 192.168.0.2 255.255.255.0 192.168.0.255 vnetid 10 parent em1"? Any assistance would be greatly appreciated.
Oddly enough, my system uses em0 and em1, and that seems to be the default for Intel-based NICs. I should have said that em0 is for the WAN connection and em1 is for the private side. Also, minus the IPs, the two inet lines I posted earlier are directly from my system configuration. Though, I might have figured it out. Once I get PF all configured, I'll be doing the connectivity testing.
I happen to use a VLAN infrastructure that doesn't have an internal vs. external NIC. All physical NICs are both private and Internet-facing, using VLANs to define all connections. I accomplish this with a managed switch, where the VLANs are mapped to physical ports -- some shared, some unique.
Additionally, each server has three physical NICs, vr0-vr2, which are aggregated into a single trunk(4) pseudo-NIC, and the servers use carp(4) for high availability.
Greetings,
I also have a managed switch that has a few VLANs on it. My hardware firewall died and I ended up creating one with OPNsense as a virtual machine on my ESXi server. I have been having issues with that as well and finally decided to just build one out with OpenBSD, as I already have 2 OpenBSD DNS servers running that do ad blocking. I have thought of securing the web access more, but how far down that rabbit hole do I really want to go? So I have a management VLAN, an internal VLAN and an IoT VLAN, which cannot talk to one another. I am also running an access point that is VLAN capable as well. I currently have: "inet 192.168.0.2 255.255.255.0 192.168.0.255 vnetid 10 parent em1" listed under /etc/hostname.vlan10, and I am able to ping the assigned IP. Once I finish with the PF configuration, I'll know if this will still work or if I need changes. Currently, I have a NIC specifically assigned on my ESXi server for the firewall. em0 goes directly to the modem and em1 goes to the managed switch. The switch has 2 trunked ports, one that goes back to the firewall/router and the other is for the access point. All this in my apartment.
Here's a "graphic" of the infrastructure:
Code:
There are 8 physical ports in use on my small managed switch:
{Internet} -- {LAN} -- {FW1} -- 3x {FW2} -- 3x
This is what I currently have in mine:
Code:
##################
# Variables
##################
wan = "em0"
intra = "vlan10"
iot = "vlan999"
mgmt = "vlan1"
Last edited by Crypt; 13th August 2020 at 01:57 AM.
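The question running through the thread is which physical interface the VLANs should be parented on: the VLAN tags travel over the trunk port to the managed switch (em1 here), not over the modem-facing WAN link (em0). The script below is an added example, not code from any poster in this thread. It stages the three hostname.vlan(5) files and a pf.conf macro block in a scratch directory so they can be reviewed before being copied into /etc, refuses to parent a VLAN on the WAN interface, and emits a block rule per VLAN so the management, internal and IoT segments cannot reach each other's networks (the "cannot talk to one another" requirement above). The interface roles and all addresses except the 192.168.0.2 line from the thread are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread). Stages OpenBSD VLAN and PF configuration
# for review instead of writing to /etc directly.
set -u

WAN_IF=em0      # faces the modem; no VLAN should be parented here (assumption)
TRUNK_IF=em1    # tagged trunk to the managed switch (assumption)

# VLAN table, one entry per line: id:name:address:netmask:broadcast
# Only the vlan10 address comes from the thread; the others are constructed.
VLANS="1:mgmt:192.168.1.2:255.255.255.0:192.168.1.255
10:intra:192.168.0.2:255.255.255.0:192.168.0.255
999:iot:192.168.99.2:255.255.255.0:192.168.99.255"

# Render one hostname.vlanN line in the form used in the thread.
# Rejects a non-numeric or out-of-range id and a VLAN parented on the WAN link.
render_vlan_hostname() {
    vid=$1 parent=$2 addr=$3 mask=$4 bcast=$5
    case "$vid" in
        ''|*[!0-9]*) echo "bad vlan id: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "vlan id out of range: $vid" >&2; return 1
    fi
    if [ "$parent" = "$WAN_IF" ]; then
        echo "refusing to parent vlan$vid on WAN interface $WAN_IF" >&2; return 1
    fi
    printf 'inet %s %s %s vnetid %s parent %s\n' "$addr" "$mask" "$bcast" "$vid" "$parent"
}

# List the VLAN names from the table, one per line.
vlan_names() {
    echo "$VLANS" | while IFS=: read -r vid name rest; do echo "$name"; done
}

# Render the pf.conf macros plus one block rule per VLAN that stops traffic
# from that VLAN into every other VLAN's network ($name:network is pf's
# interface-network notation). Later pass rules can punch specific holes.
render_pf_fragment() {
    printf 'wan = "%s"\n' "$WAN_IF"
    echo "$VLANS" | while IFS=: read -r vid name rest; do
        printf '%s = "vlan%s"\n' "$name" "$vid"
    done
    for src in $(vlan_names); do
        others=""
        for dst in $(vlan_names); do
            [ "$dst" = "$src" ] || others="$others \$$dst:network"
        done
        printf 'block return in on $%s to {%s }\n' "$src" "$others"
    done
}

# Write hostname.vlanN files and the PF fragment into a fresh temporary
# directory and print its path; returns non-zero if any VLAN line is refused.
stage_config() {
    dir=$(mktemp -d) || return 1
    echo "$VLANS" | while IFS=: read -r vid name addr mask bcast; do
        render_vlan_hostname "$vid" "$TRUNK_IF" "$addr" "$mask" "$bcast" \
            > "$dir/hostname.vlan$vid" || exit 1
    done || return 1
    render_pf_fragment > "$dir/pf.conf.fragment"
    echo "$dir"
}
```

After reviewing the staged files, the usual OpenBSD steps are to copy each hostname.vlanN to /etc with mode 0640 (hostname.if files can carry secrets), bring the interface up with "sh /etc/netstart vlan10", and confirm with "ifconfig vlan10" that it reports the expected parent and vnetid before loading the PF rules.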