On 3/25/23 09:33, Stuart Henderson wrote:
On 2023-03-24, Kaya Saman <kayasa...@gmail.com> wrote:
Just responding to this for completeness as I have some more information
on my side
On 3/24/23 07:21, Stuart Henderson wrote:
On 2023-03-23, Kaya Saman <kayasa...@gmail.com> wrote:
Unfortunately I haven't been well for a long time hence the delay in
upgrade and at first found it a little difficult but the way forward
after a bit of reading around was to go to 7.1-release then 7.2 and
finally jump back to Current which I believe is called Beta now? (unless
I missed something or am confusing)
The main release cycle is -current, -beta, <no suffix>, -current - this
hasn't changed. (The "no suffix" includes a few snapshots prior to an
actual finished release, and that's the stage we are at right now).
Ah ok I see, I also understand what has happened in the meantime... no
problem. I'll see if I really need to upgrade to current again as right
now Beta seems to be doing everything I need
I suggest waiting until the actual 7.3 release and install that
(sysupgrade -r) in order that you can install errata patches.
It will be simpler if you do _not_ upgrade to a newer snapshot first -
sysupgrade can't go from a snapshot labelled "7.3" (as they are now)
to the actual release without modifying it.
Great advice, will wait in this case.
Just got off a lengthy phone call with Tier2 tech support at G-Net,
which was a lot of fun!! It's so rare to talk in technical terms with
someone and have them understand you.
That's a good sign.
It's amazing how well this company is willing to deal with what they
consider "vulnerable" people, as I explained about my condition: ASD
(Autism/Asperger's Spectral Disorder - if after all these years you
hadn't guessed already :-) ), and basically they do training to cater
for people with ADD, ADHD, ASD etc....
Currently there is a little confusion in how to set up the block of IP
addresses as I have had to upgrade to a block of 16. Right now my
connection gets a single IPv4 address through ipcp with the rest of the
IP addresses being handled in PF through NAT/PAT mappings. I have
forgotten how it is handled but I am willing to bet that my current ISP
is forwarding those addresses in static routes??
I am wondering if it will be similar except for the gateway IP address
which will need to be provisioned on the WAN facing ethernet interface
along with default 0 dot quaded route, or if I'm going to have to create
sub interfaces for the rest of the provisioned IP addresses?? I am told
that out of the 16 addresses I lose 3 - network, broadcast, gateway,
so I should have 13 addresses to play around with.
Typically you have pppoe pick up its own address - see examples in
pppoe(4) for this and setting the default route - and configure an
address from the /28 on another network interface on the router.
Exactly how things are done currently as I'm using pppoe - interface
hostname.pppoe0:
    inet 0.0.0.0 255.255.255.255 NONE mtu 1492 \
        pppoedev em5 authproto chap \
        authname '*****' authkey '****' \
        up
    dest 0.0.0.1
    !/sbin/route add default -ifp pppoe0 0.0.0.1
Then the rest of the IPs are handled like so:
match out on $ext_if from { IP or Macro } to any nat-to { IP or Macro }
for outbound.
So if ipcp gets (imaginary) ip address of 1.1.1.1, I can fit the next
one in the block into the PF "match" rule so it becomes:
match out on $ext_if from { 10.10.10.100 } to any nat-to { 1.1.1.2 }
If you will be addressing other machines directly from that /28 (easier)
that would be a physical interface or vlan connected to those machines.
If you're doing that via NAT/rdr-to then you might want to use a vether
interface with one address configured as /28 and the others as /32
aliases.
Not directly addressing. I will use "rdr-to" PF rules. Basically I want
to keep my current configuration as much the same as possible but just
adjust enough to handle the new connection.
I think right now what was said is that I don't get a subnet mask (if I
understood correctly).... so I will need to provision each IP address
with a /32 or 255.255.255.255, even though they will be providing the
network and broadcast addresses.
Had a flick through vether as you suggested... currently I'm unsure to
be honest. Do I need it? As I'm not using that currently for my current
6x IP block...
To be honest my mindset right now is pointing towards the Cisco
sub-interface way of doing things so I'm probably reading and confusing
a lot :-(
I guess it will be needed judging by the description:
DESCRIPTION
     The vether interface simulates a normal Ethernet interface by
     encapsulating standard network frames with an Ethernet header,
     specifically for use as a member in a bridge(4).

     To use vether the administrator needs to configure an address onto the
     interface so that packets can be routed to it. An Ethernet header will
     be prepended and, if the vether interface is a member of a bridge(4),
     the frame will show up there.
my understanding is that it gets bridged to the parent IF. Maybe it is
similar in a way to the description from "man 4 vlan" particularly I am
pointing out the example:
ifconfig vlan0 parent em0 vnetid 5
where you use the 'parent' clause to define the public facing or egress
interface.
Right now I feel like everything is colliding with each other inside my
head so I will need to take my time on Monday and play to see how to get
this to work.
My actual intention (just to over complicate things), as I don't have
any spare ethernet ports left on my OpenBSD machine is to use a VLAN and
plug the ONT into a spare port on my Cisco 2970 switch, then use the
vlan as the egress interface so that I can keep my current VDSL2
connection alongside until I figure out the necessary config to migrate
fully....
Maybe I'm being too opportunistic here... but it's worth a shot I
guess.... or just buy another NIC :-/
Kaya
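
Added example, not part of the original message or of either poster's configuration: a sketch of the vether layout suggested in the thread (one address from the /28, the others as /32 aliases) together with matching nat-to and rdr-to rules. The 203.0.113.0/28 block, the choice of .1 as the gateway address, the 10.10.10.100 host and port 443 are constructed placeholders.

```conf
# ---- /etc/hostname.vether0 (constructed example) ----
# 203.0.113.0/28 is a documentation block standing in for the ISP's /28:
#   .0 network, .15 broadcast, .1 taken here as the gateway address
#   (assumption), leaving .2 - .14, i.e. 13 addresses, for services.
# One address carries the /28 mask; the others are /32 aliases.
inet 203.0.113.1 255.255.255.240
inet alias 203.0.113.2 255.255.255.255
inet alias 203.0.113.3 255.255.255.255
inet alias 203.0.113.4 255.255.255.255
up

# ---- /etc/pf.conf excerpt (constructed example) ----
ext_if  = "pppoe0"
web_pub = "203.0.113.2"     # public address from the /28 (placeholder)
web_int = "10.10.10.100"    # internal host (placeholder)

# Outbound: the internal host leaves with its own public address.
match out on $ext_if inet from $web_int to any nat-to $web_pub

# Inbound: default-deny on the WAN side, then redirect only the one
# named service; other ports on the public address stay closed.
block in on $ext_if
pass in on $ext_if inet proto tcp to $web_pub port 443 rdr-to $web_int
```

`sh /etc/netstart vether0` applies the interface file, and `pfctl -nf /etc/pf.conf` parses the ruleset without loading it.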