I'm running OpenBSD as an IP-less bridge between a DMZ and a protected
internet. The protection comes from using a set of pf rules on the
exterior interface of the bridge. My pf rules block all traffic on UDP/
67 and UDP/68 from traversing the bridge so I currently run two DHCP
servers, one in the DMZ and one on the protected network. I'd like to
run dhcrelay on the bridge and add some sort of token to dhcp requests
coming from the DMZ (from new and test servers) so I can
differentiate them from dhcp requests on the protected network.
Basically I'd like to hand out addresses from one IP range on the DMZ
and from another IP range on the protected network.
I'd imagine that to start I'd want to configure dhcrelay to start up
similar to:
# dhcrelay -i ${dmz_if} ${prot_dhcp_server}
but how do I set this up to differentiate the requests from one another?
Has anyone done this before?
-- Chris
Chris Hilton tildeChris -- http://myblog.vindaloo.com
email -- chris/at/vindaloo/dot/com
.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.
"I'm on the outside looking inside, What do I see?
Much confusion, disillusion, all around me."
-- Ian McDonald / Peter Sinfield