Chris Tusa
2004-06-26 23:17:53 UTC
Hi All,
I have been building OpenBSD routers for small offices for a few years now
using 2 NICs with a single ISP and a LAN. I now have a customer who has TWO
ISPs for redundancy and we are going to be replacing their Symantec Firewall
Router with OpenBSD. But before I complete the network configuration, I wanted
to confirm the best approach to this. Here is what I picture as the solution:
- 3 NICs (1 for the LAN and 1 for each WAN)
- LAN interface implements DHCP and NAT
- Use the OpenBSD BRIDGE functionality to bridge the 2 ISP NICs.
- PF rules are set up to forward packets from LAN to the BRIDGE interface.
- Turn on routed
Here are the file contents for the networking
hostname.rl0 (LAN/NAT) =
192.168.1.1 255.255.255.0 NONE
hostname.rl1 (ISP/WAN 1)=
dhcp
hostname.rl2 (ISP/WAN 2)=
dhcp
bridgname.br0 (TWO ISP WANS) =
add rl1
add rl2
up
My concern with this setup is that bridging normally joins two network
segments or can be used to filter traffic between two interfaces, so in a
sense, I don't want to bridge the two ISPs to communicate, but I want to be
able to send packets out across either one or receive from either one without
the LAN knowing the difference. Also, it would be nice to know if there would
be any speed increase. Is this the best or correct method?
--
Chris Tusa
***@linisys.com
(504)-464-4610 ext 1
--
Chris Tusa
ITechusa Networks
***@itechusa.net
504-464-4610 x3
- Full Service Networking
- Webhosting
- Linux Consulting