Hi, I'm trying to evaluate how to set up my OpenBSD server as an internet gateway.
I've a static IPv4 address, and a /48 IPv6 block. I've already NATed IPv4 using PF, but I'm in doubt on how to bridge the IPv6 part without breaking the IPv4 NAT. I'll assume lan=eth0 and wan=eth1 to make this a bit more readable. >From what I've managed to think up, I'd have to bridge both interfaces (eth0/eth1), and use PF to disallow traffic to/from private IP4s on eth1. My doubt is: if I bridge both interfaces, can I still NAT properly? If br0 contains eth1 and eth0, can I bridge "from br0 to br0"? This may sound odd, but br0 has actually two IPv4 addresses; the private and public. Also, if eth1 in bridged, I can still drop packets using pf properly, right? (discarting private-network packets on it is what I've in mind). Is this the proper solution? Or is there some other way I haven't thought of? Cheers, thanks, -- Hugo Osvaldo Barrera
