
Could PF replace a Cisco router for multiple IPs?

I've used pf for the most basic firewall+NAT many times, but now that
our company is getting a new T1 connection, I'm thinking instead of
using a Cisco 2600-series router, we might use a regular OpenBSD box
with one of these PCI cards:

It would be used in place of a router - just passing all IP addresses
(16 of them) of the T1 connection through it, doing some initial
scrubbing of traffic, but basically passing through all traffic on all
IPs into a switch inside, to be used by various computers inside:
mailserver, DNS, webserver, etc.

Can anyone who's done this offer any advice?

Can PF still be used to do this kind of thing or am I trying to use
the wrong tool?

(I've read most of openbsd.org/faq/pf and searched the misc@ lists but
didn't see a clear answer.)

