Hello,
I want to use OpenBSD as a firewall for a configuration where every host is
isolated.
For example, let's say I have the 1.0.0.0/24 subnet and the 2000::/56 subnet.
I want each host to have a single IP for IPv4, and a /64 for IPv6.
On the layer 2 side, I can configure a single VLAN for each host; I can either
show each VLAN to the OpenBSD router as a different VLAN or I can use PVLAN to have
a single VLAN on the OpenBSD side.
Now, with IPv6 it's easy, I can create a /64 for each host, but for IPv4 it's
trickier. I'd like to use as few IPs as I can and I think the lowest I can do is
to use 2 IPs per host.
I was wondering if you had general advice on what the best configuration would be.
I looked at Hetzner, and for IPv4, they use point-to-point Ethernet, so the host
has an IP in 1.0.0.24 with a route to 1.0.0.23/32. It uses Linux's systemd "[Address] Peer"
configuration and I am not sure exactly what it entails. For IPv6 it uses
fe80::1 as the gateway, which is also a bit weird as I would expect the gateway to be
on the same subnet.
The general idea is to be able to manage all firewalling between hosts using pf.
Regards
--
Nicolas Goy
Developer and Engineer
Goyman SA
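As an added example that is not part of the original post, here is a pf.conf fragment for the per-host isolation described above; it assumes one VLAN interface per host (vlan10, vlan11), em0 as the uplink, and host addresses constructed from the post's 1.0.0.0/24 and 2000::/56 example prefixes.

```pf
# Added example, not from the original post. Assumed interfaces: em0 uplink,
# vlan10 and vlan11 carrying one host each. Addresses are constructed from the
# post's example prefixes: each host gets one IPv4 address and one IPv6 /64.
ext_if   = "em0"
host_ifs = "{ vlan10 vlan11 }"

# Every address range owned by an isolated host. Traffic from one host to any
# entry in this table is inter-host traffic and must never be forwarded.
table <hosts> { 1.0.0.10 1.0.0.11 2000:0:0:10::/64 2000:0:0:11::/64 }

set skip on lo

# Default deny with logging: any isolation violation shows up on pflog0.
block log all

# Neighbor discovery and router advertisements must work on each host VLAN,
# otherwise hosts never learn the fe80:: gateway or resolve the router.
pass on $host_ifs inet6 proto icmp6 \
    icmp6-type { neighbrsol neighbradv routersol routeradv }

# Host -> anywhere except other hosts. Each rule is bound to its own interface
# and its own source address, so a host cannot spoof a neighbor's address
# and cannot reach a neighbor even via the router.
pass in on vlan10 inet  from 1.0.0.10         to !<hosts>
pass in on vlan10 inet6 from 2000:0:0:10::/64 to !<hosts>
pass in on vlan11 inet  from 1.0.0.11         to !<hosts>
pass in on vlan11 inet6 from 2000:0:0:11::/64 to !<hosts>

# Forwarded traffic leaves on the uplink; replies return via the state entry.
pass out on $ext_if

# Inbound services from the Internet, delivered onto the host VLANs. Nothing
# entering on a host VLAN can match this, so it does not open host-to-host paths.
pass in  on $ext_if   proto tcp to <hosts> port { 80 443 }
pass out on $host_ifs to <hosts>
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and watch `tcpdump -n -e -ttt -i pflog0` for blocked host-to-host attempts while testing.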