
Routing and Bridge



Apparently I made a mistake in the setup of a remote office, when I sent 
an OpenBSD box for use as a firewall.  I set up a bridging firewall in 
that office, but I think that I am regretting that decision.  The 
structure is:

lan  ----------------- Firewall ---------------- router ---- internet
192.168.65.0/24       int: 192.168.65.7         int: 192.168.65.254
gw: 192.168.65.254    ext: public IP            ext: public IP

The firewall is also handling IPsec via isakmpd, and the connections are 
being established, and working from that machine.  Incoming connections 
through the VPN tunnels are arriving, and being routed to the lan, but 
responses are going out the default route.

I am hoping that changing to a non-bridging IP scheme will eliminate the 
problems with respect to routing of IP packets, through the IPsec 
tunnels.  So I plan on using:

lan  ----------------- Firewall ---------------- router ---- internet
192.168.65.0/24       int: 192.168.65.254       int: public IP
gw: 192.168.65.254    ext: public IP            ext: same as int

Is this the advisable solution, so that packets will be routed from the 
internal network to the VPN tunnels? (I have a setup similar to this at 
two other locations, which do not experience the routing issues).

Thank you,
David
-- 
David de Gruyl <david@bhaermandegruyl.org>
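One way the routed (non-bridging) layout from the second diagram could be expressed on OpenBSD, as an added example that is not part of David's post or of any reply: the interface names em0/em1, the public addresses (documentation ranges), the remote network behind the far gateway and the peer address are all placeholders, and the pf syntax is the current one (nat-to), which is newer than the isakmpd-only setup described.

```conf
# /etc/hostname.em0  (internal; now the LAN's default gateway)
inet 192.168.65.254 255.255.255.0

# /etc/hostname.em1  (external; 203.0.113.2 is a placeholder for the public IP)
inet 203.0.113.2 255.255.255.248

# /etc/mygate  (default route: the upstream router, placeholder address)
203.0.113.1

# /etc/sysctl.conf  (a router, unlike a bridge, must have forwarding on)
net.inet.ip.forwarding=1

# /etc/pf.conf (excerpt)
int_if = "em0"
ext_if = "em1"
lan    = "192.168.65.0/24"
remote = "10.0.0.0/24"      # network behind the far VPN gateway, placeholder
peer   = "198.51.100.1"     # far VPN gateway public IP, placeholder

set skip on lo

# IKE (isakmpd) and ESP between the two gateways on the external interface
pass in  on $ext_if proto udp from $peer to ($ext_if) port { 500, 4500 }
pass out on $ext_if proto udp from ($ext_if) to $peer port { 500, 4500 }
pass in  on $ext_if proto esp from $peer to ($ext_if)
pass out on $ext_if proto esp from ($ext_if) to $peer

# Decapsulated tunnel traffic appears on enc0. Because the firewall is now
# the LAN's gateway, LAN replies to $remote are routed (not bridged) through
# it, match the IPsec flow and go back into the tunnel instead of out the
# default route.
pass in  on enc0 from $remote to $lan keep state (if-bound)
pass out on enc0 from $lan to $remote keep state (if-bound)
pass in  on $int_if from $lan to $remote

# NAT for internet-bound LAN traffic now lives on the firewall; it must
# exclude the VPN destination so tunnel traffic keeps its private source.
pass out on $ext_if from $lan to ! $remote nat-to ($ext_if)
pass in  on $int_if from $lan to any

# Checks after reboot (commands, not config):
#   ipsecctl -sf        flows for $lan <-> $remote should be listed
#   route -n show -inet default route via 203.0.113.1, LAN via em0
```

The essential change is not the pf rules but the topology: LAN hosts must point their default gateway at the firewall's internal address, otherwise replies still reach the router without passing the firewall's IPsec flows.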