
dynamic pf router

Being recently blessed with multiple dynamic IPs, I thought to make better
use of them. The IPs are DISJOINT and DHCP issued from the upstream cable
ISP. Here are some ideas, perhaps someone would share their wisdom and
shed some light on the pros and cons of each method. The gateway is using
OpenBSD-current with pf.

As an example, let's say we have 5 real IPs and 10 internal machines. The
goal is to fully utilize all of the available IP addresses (so we will NOT
use the scenario where everything gets port NATed to a single outgoing IP).

1) Assign all 10 machines addresses. Have the external
interface on the gateway pick up multiple dhcped IP addresses. BiNAT 4 real
IPs to 4 internal machines. Port NAT the other 6 internal IPs through the
leftover real IP.

No need to modify filtering rules when external IPs change. Is it
possible to accomplish this in OpenBSD? How does one go about obtaining
multiple IPs using dhclient?

2) Set up the gateway to bridge the two interfaces. Let 4 internal machines
obtain real IP addresses. Set up a separate NAT box with the remaining
IP to network the other 6 internal machines.

Need to change filtering rules as the dhcped IPs change. Is NATing on a
bridge using IP aliases discouraged (e.g. collapsing the bridge and NAT to
a single box)?

Are there even more elegant solutions? Dear misc readers, please share
your insights. Thank you.

