Thank you for your comments, Ingo! What you suggest, is what I am currently using. The drawback of this setup is the use of NAT, since I have to use a private address for the PBX. And using NAT with VOIP ist quite error prone. That is why I am looking for a bridge solution.
-Heinrich > On 27. May 2025, at 14:10, Ingo Schwarze <schwa...@usta.de> wrote: > > Hello Heinrich, > > Heinrich Rebehn wrote on Tue, May 27, 2025 at 11:55:00AM +0200: > >> VMX1 = PBX (using provided MAC) >> VMX0 = OpenBSD filtering bridge (using alien MAC) >> hoster's router > > In general, i think that when you have a choice, bridging is more > fragile and less flexible than routing. So, did you consider > using the following alternative setup? It feels more natural > and less contrived to me: > >> PBX (using alien MAC), default gateway to the OpenBSD router >> OpenBSD router (using provided MAC), default gateway to the hoster >> hoster's router > > A side benefit is that if anything should ever go wrong for whatever > unexpected reason and packets should somehow sneak around your OpenBSD > firewall router - directly from your PBX to the hoster - you will get > a very noisy alarm, so you won't miss the problem. > > Another side benefit is that, should you ever need a second DMZ or > internal network, you can connect that to another interface on the > OpenBSD firewall router, such that the OpenBSD box can selectively > allow your various internal nets to communicate to the Internet > and to each other, without everything having to be on the same > Ethernet segment, and without everything having to use the same > MAC address. > > Yours, > Ingo >
