Gateway with static external IP - BSD

This is a discussion on Gateway with static external IP - BSD ; Hi, I recently set up a gateway with OpenBSD 3.8. I tested it by setting the external interface to DHCP (so I could test the filtering rules on my private LAN), and gave the internal interface a static address. My ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Gateway with static external IP

  1. Gateway with static external IP

    Hi,

    I recently set up a gateway with OpenBSD 3.8. I tested it by setting
    the external interface to DHCP (so I could test the filtering rules on
    my private LAN), and gave the internal interface a static address. My
    pf rules work perfectly, all traffic goes where it should.

    The problem is, I now need to give the external interface a static IP
    (to connect to a large state and library network). I set the IP
    address and the gateway (put the gateway address of the firewall we had
    previously into the /etc/mygate file), and changed to IP's in the
    /etc/pf.conf to reflect the new external and internal addresses. Are
    there any other settings that I need to change to get this to work?

    I'm going to try and deploy this today, during a time which the users
    will be working. They are notified that the network will be going down
    for a while, but I'd like to get it as close to correct as possible so
    that troubleshooting will be easier.

    Thanks,

    JM


  2. Re: Gateway with static external IP

    jon.j.morin@gmail.com wrote:
    > Hi,
    >
    > I recently set up a gateway with OpenBSD 3.8. I tested it by setting
    > the external interface to DHCP (so I could test the filtering rules on
    > my private LAN), and gave the internal interface a static address. My
    > pf rules work perfectly, all traffic goes where it should.
    >
    > The problem is, I now need to give the external interface a static IP
    > (to connect to a large state and library network). I set the IP
    > address and the gateway (put the gateway address of the firewall we had
    > previously into the /etc/mygate file), and changed to IP's in the
    > /etc/pf.conf to reflect the new external and internal addresses. Are
    > there any other settings that I need to change to get this to work?


    set your IP address and netmask in /etc/hostname.
    see hostname.if(5).

    in pf.conf, you can define e.g. an ext_if variable and then use ($ext_if).
    the parentheses will translate this into the actual IP address assigned to
    this interface, so if you ever need to change your configuration, you won't
    need to come back to modify these lines.

    see pf.conf(5) and the PF FAQ (http://www.openbsd.org/faq/pf/) for details.

+ Reply to Thread