Could PF replace a Cisco router for multiple IPs?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Could PF replace a Cisco router for multiple IPs?
- From: Miles Keaton <mileskeaton_(_at_)_gmail_(_dot_)_com>
- Date: Sat, 28 Aug 2004 20:06:56 -0700
- Reply-to: Miles Keaton <mileskeaton_(_at_)_gmail_(_dot_)_com>
I've used pf for the most basic firewall+NAT many times, but now that
our company is getting a new T1 connection, I'm thinking instead of
using a Cisco 2600-series router, we might use a regular OpenBSD box
with one of these PCI cards:
It would be used in place of a router - just passing all IP addresses
(16 of them) of the T1 connection through it, doing some initial
scrubbing of traffic, but basically passing through all traffic on all
IPs into a switch inside, to be used by various computers inside:
mailserver, DNS, webserver, etc.
Can anyone who's done this offer any advice?
Can PF still be used to do this kind of thing or am I trying to use
the wrong tool?
(I've read most of openbsd.org/faq/pf and searched the misc@ lists but
didn't see a clear answer.)