[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bridging and Nat

Hi, have a look at this one, is realy weird!

I have an openbsd 2.5 current with 3 nics:

      | xl0
  |       |
  |  Obsd |------ xl1 DMZ
  |       |

We want to bridge between xl0 and xl1 to save ips, the bridge is
working ok, xl0 has one of the IPs with the right netmask and xl1
has an ip with a netmask of 32 to avoid ifconfig errors.

The Bridge works ok between the Internet and the servers in the
dmz.  The internal networks connects to the Internet using nat,
that also works fine, but we cant see the servers in the DMZ
from the internal network!  I've tried a lot of things, like static
routes in the servers to the internal network through the xl1,
it seems that the bridge working in a lower level of the stack doesnt
forwards the packets to both of the interfaces.  Or perhaps there is
no way of doing nat and bridging in the way that we are thinking.

Also, we have strange behaviour inside the firewall, sometimes we can
ping and connect (tcp) to the machines in the dmz or directly connected
with xl0 and sometimes we cannot, and also (yeah...!) we cant ping
or connect (tcp) to the bridging interfaces of the firewall from the
dmz, directly connected to xl0 or internal network.  All this happens
and the bridge and nat continues working ok.

I think that OpenBSD is great, but the lack of deeper documentation on
these themes is a bad thing, the faq doesn't say anything about
bridging, and there is only a man page about brconfig and one about

I dont have any problems if you want me to colaborate in the proyect
writing documentation, but first of all i need to have more detailed
information about the bridging characteristics and capabilities.

                                 Thanks in advance,

Ps: Please, answer to the list and also to my email address.