
lan-lan bridge filtering with nat possible ?



Hi,
I am trying to do LAN-to-LAN bridge filtering, but I need NAT too.
Explanation:
I protect my lab from the rest of the network with a filtering
bridge (protection from viruses using TCP ports).
Both networks are in the same network range. I can't change it.
I did LAN-to-LAN bridge filtering with OpenBSD 3.5, using two network
cards.
Everything works fine.
But I have only one IP address authorized on the router to go to the internet.
I added the nat command in pf.conf to translate all lab addresses to the
authorized address.
The NAT works, but in this case the IP addresses external to my lab (LAN 1 in
the drawing) have no access at all to my lab as defined before in the pf
rules.
I can't use rdr in pf.conf because the majority of the machines in my lab
must be configured by web browser on port 80.
I installed two other network cards to build a second bridge on the same PC.
The function of this second bridge should be to run only the NAT process.
I wrote the nat rules in the same pf.conf file,
but it doesn't work.
The bridge filtering continues to work, but not the NAT.
I don't know if it's possible.
All comments will be appreciated.
Thanks
(internet)---[router]---(LAN1)---[PC-CARD-1]---(bridge1)---[PC-CARD-1]------(LAB)
                               |                                         |
                               --[PC-CARD-2]---(bridge2)---[PC-CARD-1]---