Thanks all,
I did the usual tcpdumping but had Issues matching packets from box 2 -
only matched the starting block all rule: block in on em1 192.168.2.2 1234 -> 192.168.1.2 (test client)
I'll be using carp in the production scenario so there will be 2 of both box 1 and box 2 - that increases
complexity a little bit so instead of solving the nat issue I had I'm rewiring the setup..
Cheers,
Gurra
> On 30 Apr 2023, at 12:42, Polarian <polarian@polarian.dev> wrote:
>
> Hello,
>
> Although this is slightly off topic, but why do you have your servers in a deeply nested NAT?
>
> Servers benefit from low latency, and also as little points of failure as possible.
>
> You should switch OpenBSD 1 and 2 around, so that the clients are in a nested NAT, then use the firewall rules to secure the server, for the best results, also if OpenBSD 1 goes down (client network) then so does the server, when the server is used 24/7 and I assume the client network is only used during normal office hours?
>
> This is just a suggestion not an issue, but it is something you should consider.
>
> Have a good day,
> --
> Polarian
> GPG signature: 0770E5312238C760
> Website: https://polarian.dev
> JID/XMPP: polarian@polarian.dev
>
No comments:
Post a Comment