I have been successfully running an OpenBSD firewall which has three network interfaces connected to the same DSL box. I use three of the five public IP addresses that my ISP lets me have. I binat two of those to two hosts in my home network and the third one is used for "regular" nat for the rest of the hosts. Everything has worked well so far.
Now my ISP changed something in their DHCP server/routing scheme. Two of the external interfaces get the same next hop (same IP, same MAC) with DHCP. This causes problems with e.g. ARP. The setup still seems to work somehow (badly, connections are breaking) but I get errors like this:

    arpresolve: 217.212.252.168: can't allocate llinfo
    duplicate IP address 80.220.81.184 sent from ethernet address 00:30:18:ae:75:d5
    arp: attempt to add entry for 80.220.64.1 on em2 by 00:02:cf:84:83:ff on em0

I tried to solve this by using different routing domains for re0 (home) and em0, em1 and em2 (internet) interfaces, but then it seems I cannot route between the domains even with pf. Otherwise it solved the problem from the firewall-point-of-view.

Is there a way to get this kind of a setup to work?

Teemu