
NEWBIE: alias or vlan?



Hello,
I have some questions about extending my home LAN.

System: OpenBSD 3.2 + latest security patches applied. Dual Linksys TX100 NICs. One connected to DSL modem, one connected to LAN. PF configured to NAT my internal network.

My next-door neighbor gave me a Cisco 350 wireless access point so he could hijack some of my bandwidth. I agreed but want to maintain control.

Here are my questions:
1) Initially I have thought about setting up a vlan on my internal NIC for the network I will assign to the wireless segment. Is this preferred over assigning an alias with ifconfig?


2) To restrict things a bit I was going to cfg the WAP to grab an IP from DHCP and I was going to configure DHCP for this segment to be limited to two addresses (with something equivalent to a 255.255.255.254 subnet mask).

3) I would like to augment my pf ruleset to block traffic from the wireless segment to the wired (and maybe vice versa). It seems, at least conceptually, that this will be easier to do if I go the VLAN route vs. adding an alias but again I really don't know. Any thoughts?

4) I assume with either case I will need to extend my NAT rule to NAT this new traffic from the VLAN (or alias)?

5) Lastly it seems like the pf man page and HOWTO use the notation /N following an IP address to indicate which octets matter (i.e. 192.168.1.0/24 means the last three octets). Is this correct?

So, if hypothetically I defined some things in my pf.conf:
EXT="ep1"
INT="ep0"
LAN="192.168.1.0/24"
VLAN="192.168.2.0/24"

Could I stipulate that my VLAN network address was 192.168.2.10 with a netmask of 255.255.255.254 and would the similar notation,
VLAN="192.168.2.10/24"


still be valid (for the two hosts 192.168.2.10 and .11)?

Thanks so much.

scott rankin
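
Added example, not part of the original post: a check of what the /N notation in question 5 covers, comparing the two candidate values for the VLAN macro against the two hosts it is meant to match. The function names are hypothetical, and the code assumes the filter applies addr/N as a standard CIDR prefix match (only the first N bits are compared).

```python
import ipaddress

def mask_to_prefix(mask):
    """Dotted netmask -> prefix length; reject masks with non-contiguous bits."""
    bits = int(ipaddress.IPv4Address(mask))
    host_bits = bits ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return bin(bits).count("1")

def audit_macro(macro, intended_hosts):
    """Compare what addr/N matches against the hosts the rule is meant for.

    Returns (network, extra, missing): the network the prefix really covers,
    how many addresses it matches beyond the intended ones, and any intended
    hosts it fails to match.
    """
    # strict=False masks off host bits the way a prefix match does:
    # only the first N bits of the address are compared.
    net = ipaddress.ip_network(macro, strict=False)
    wanted = {ipaddress.ip_address(h) for h in intended_hosts}
    missing = sorted(h for h in wanted if h not in net)
    extra = net.num_addresses - (len(wanted) - len(missing))
    return net, extra, missing

if __name__ == "__main__":
    # Values taken from the post: the two wireless hosts and the proposed mask.
    hosts = ["192.168.2.10", "192.168.2.11"]
    prefix = mask_to_prefix("255.255.255.254")
    for macro in ("192.168.2.10/24", f"192.168.2.10/{prefix}"):
        net, extra, missing = audit_macro(macro, hosts)
        print(f"{macro:18} matches {net} ({net.num_addresses} addresses), "
              f"{extra} beyond the intended hosts, missing: {missing}")
```
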


