On Mon, Mar 31, 2025 at 06:19:08PM +0000, otto.cooper wrote:
>
> On Monday, March 31st, 2025 at 6:09 PM, Zé Loff <zeloff@zeloff.org> wrote:
>
> > Per this configuration, both interfaces are on 192.168.1.0/24: one is
> > .11, the other is .12.
>
> > Since routing seems to work properly, I am assuming this was a copy/paste error.
>
> No copy/paste error. Perhaps a real error on my side.
>
> The machine is a firewall sitting between the gateway and the LAN.
>
> The gateway has a single wire connected to the firewall's port em0 (192.168.1.11).
>
> The LAN's switch has a 10Gbps link to the firewall's port ix0 (192.168.1.12).
>
> > Back to the original question, have you considered using /etc/mygate to
> > specify the default route?
>
> ```
> >cat /etc/mygate
> 192.168.1.1
> ```
>
>
The simplest way (IMHO) to do this is to separate this into two distinct
subnetworks. Put the gateway and the firewall's egress interface on
192.168.1/24 and the LAN on 192.168.0/24. Then add the gateway's IP
address as the gateway in /etc/mygate, or add
!route add default 192.168.1.1
to /etc/hostname.em0.
Depending on your LAN, either configure them manually (IP, netmask,
gateway, DNS server, ...), or set up dhcpd on the firewall to configure
them automatically. /etc/examples/dhcpd.conf has a simple, useful and
pretty self-explanatory example for this.
Then there's DNS. This depends on whether your gateway is running some
sort of resolver, or simply telling its DHCP clients which DNS resolver
to use. You'd then have to choose whether to run unbound on the
firewall, or configure all LAN clients (manually or via DHCP) to use
whatever resolver the gateway tells you to.
--
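As an added example (not part of the thread, and not OpenBSD's own files), here is a staging script for the two-subnet layout described in the reply above: em0 stays on 192.168.1.0/24 with the gateway, ix0 moves to 192.168.0.0/24 with the LAN, the default route goes in /etc/mygate, dhcpd and unbound are enabled on the LAN side. Everything is written to a staging directory rather than /etc so it can be reviewed first. The interface names and 192.168.1.11 come from the thread; the firewall's LAN address 192.168.0.1, the DHCP range, and the pf.conf are assumptions. One point the reply does not spell out, added here as a caveat: the gateway at 192.168.1.1 only knows 192.168.1.0/24, so return traffic for the LAN will be dropped unless the gateway gets a static route for 192.168.0.0/24 via 192.168.1.11 or the firewall NATs the LAN behind its egress address; the pf.conf below takes the NAT option. The `netaddr`/`check_distinct_subnets` helpers are a sanity check for the original mistake (both interfaces on the same /24).

```shell
#!/bin/sh
# Added example (not from the thread): stage OpenBSD config files for the
# two-subnet layout and check that the two firewall interfaces are on
# different networks. Addresses below are assumptions except em0/192.168.1.11
# and the gateway 192.168.1.1, which come from the thread.

GW=192.168.1.1
EGRESS_IF=em0  EGRESS_IP=192.168.1.11
LAN_IF=ix0     LAN_IP=192.168.0.1        # assumed: firewall is .1 on the LAN
MASK=255.255.255.0

# netaddr ADDR MASK: print ADDR & MASK as a dotted quad (the network address).
netaddr() {
  IFS=. read -r a1 a2 a3 a4 <<EOF
$1
EOF
  IFS=. read -r m1 m2 m3 m4 <<EOF
$2
EOF
  printf '%d.%d.%d.%d' "$((a1 & m1))" "$((a2 & m2))" "$((a3 & m3))" "$((a4 & m4))"
}

# Succeeds only if egress and LAN interfaces sit on different networks.
# With the original .11/.12 pair on one /24 this would fail.
check_distinct_subnets() {
  [ "$(netaddr "$EGRESS_IP" "$MASK")" != "$(netaddr "$LAN_IP" "$MASK")" ]
}

# gen_fw_config DIR: write the staged config files into DIR (not /etc).
gen_fw_config() {
  dir=${1:?staging directory}
  mkdir -p "$dir"
  # Interface addresses; /etc/mygate carries the default route
  # (the alternative is "!route add default 192.168.1.1" in hostname.em0)
  printf 'inet %s %s\n' "$EGRESS_IP" "$MASK" > "$dir/hostname.$EGRESS_IF"
  printf 'inet %s %s\n' "$LAN_IP" "$MASK"    > "$dir/hostname.$LAN_IF"
  printf '%s\n' "$GW" > "$dir/mygate"
  # Without forwarding the box is a host with two legs, not a router
  printf 'net.inet.ip.forwarding=1\n' > "$dir/sysctl.conf"
  # dhcpd listens on the LAN side only; unbound enabled with default flags
  printf 'dhcpd_flags=%s\nunbound_flags=\n' "$LAN_IF" > "$dir/rc.conf.local"
  # LAN clients get the firewall as router and resolver. If you choose not to
  # run unbound, put the gateway's resolver in domain-name-servers instead.
  cat > "$dir/dhcpd.conf" <<EOF
subnet 192.168.0.0 netmask $MASK {
	option routers $LAN_IP;
	option domain-name-servers $LAN_IP;
	range 192.168.0.100 192.168.0.200;
}
EOF
  cat > "$dir/unbound.conf" <<EOF
server:
	interface: 127.0.0.1
	interface: $LAN_IP
	access-control: 127.0.0.0/8 allow
	access-control: 192.168.0.0/24 allow
EOF
  # Minimal pf.conf (assumed). The nat-to rule is what lets LAN traffic come
  # back: the gateway has no route to 192.168.0.0/24. Drop the rule if you add
  # a static route for 192.168.0.0/24 via $EGRESS_IP on the gateway instead.
  cat > "$dir/pf.conf" <<EOF
ext_if = "$EGRESS_IF"
lan_if = "$LAN_IF"
set skip on lo
match out on \$ext_if from \$lan_if:network to any nat-to (\$ext_if)
block return
pass out on \$ext_if
pass in on \$lan_if from \$lan_if:network
EOF
}

# Stand-alone use: ./stage.sh /tmp/fwstage, then diff against /etc and install.
if [ -n "$1" ]; then
  check_distinct_subnets || { echo "egress and LAN share a subnet" >&2; exit 1; }
  gen_fw_config "$1"
fi
```

Once the staged files are in place (hostname.* and mygate in /etc, sysctl.conf, rc.conf.local, dhcpd.conf, pf.conf, and unbound.conf under /var/unbound/etc), `sh /etc/netstart`, `pfctl -f /etc/pf.conf` and `rcctl start dhcpd unbound` bring the layout up; `netstat -rn` should then show one default route via 192.168.1.1 on em0 and 192.168.0/24 on ix0.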