Hello Heinrich, Heinrich Rebehn wrote on Tue, May 27, 2025 at 11:55:00AM +0200:
> VMX1 = PBX (using provided MAC) > VMX0 = OpenBSD filtering bridge (using alien MAC) > hoster's router In general, i think that when you have a choice, bridging is more fragile and less flexible than routing. So, did you consider using the following alternative setup? It feels more natural and less contrived to me: > PBX (using alien MAC), default gateway to the OpenBSD router > OpenBSD router (using provided MAC), default gateway to the hoster > hoster's router A side benefit is that if anything should ever go wrong for whatever unexpected reason and packets should somehow sneak around your OpenBSD firewall router - directly from your PBX to the hoster - you will get a very noisy alarm, so you won't miss the problem. Another side benefit is that, should you ever need a second DMZ or internal network, you can connect that to another interface on the OpenBSD firewall router, such that the OpenBSD box can selectively allow your various internal nets to communicate to the Internet and to each other, without everything having to be on the same Ethernet segment, and without everything having to use the same MAC address. Yours, Ingo
