Hi all

i am new at this so apologies if i am talking complete rubbish.

what i am looking to do is setup a openbsd firewall connection to a dsl line ( i have static ip's). i have a internal lan that i will want to give web & other services access to & i also would like to setup a webserver/mailserver for a domain or two that i hope to play about with.

the question is that what would be the best way to achieve this? should i setup the web/mailserver on the internal lan & have the firewall rdr any requests to the appropriate box or should i put another card in the firewall & have that connect to the web/mailserver pc ?

any pointers on pf rules would be appreciated.

Thanks

Kass

I suppose it depends on how many IP addresses you can get from your ISP. If you have a couple, you can set up a DMZ as this could lessen the impact of a break-in on your webserver

the question is that what would be the best way to achieve this? should i setup the web/mailserver on the internal lan & have the firewall rdr any requests to the appropriate box or should i put another card in the firewall & have that connect to the web/mailserver pc ?


You should create a DMZ for your public services (web,etc.), and not let anything into yor private lan unless needed/trusted.

You may want to invest in the Absolute OpenBSD book. From what I have heard, I have not read it yet, this can walk you through setting up this kind of router/firewall.

Good luck,

here is a quesiton that I had been wrestling, and this post brought it up...if one keeps thier webserver on the DMZ, what is the best way to connect it to the data server that is in the trusted side?

You can go the route of a Virtual Private Network (VPN) using shared passkeys. I had set that up before with the help of some guys on this board, (KrUsTy! and |MiNiOn| actually) and it worked very well.

-hn

Thanks to all for you suggestions.. i will lookup the book. i may be back for help with pf rules :shock: