Thank you, Theo (and everyone else who worked on it) for vether.
It works beautifully. My firewall now can run with two interfaces
where it needed three before and my pf.conf is 30 lines shorter with
simpler rules.

The configuration is    wan <-> sk0 <-> bridge <-> re0 <-> lan
                                          ^
                                          |
                                        vether0 <-> firewall internal
where sk0 and re0 have no IP assigned
and vether0 has all of the firewall's IP addresses.

This is necessary because Verizon assigned me xxx.178 through 181
routing through .1 - there is no "transit" subnet between the
firewall and the remote router, so the firewall IP must be visible
both on the WAN and LAN.

This is one more step which makes OpenBSD cleaner & easier to use
as a network gateway.

   geoff steckel
   curmudgeon for hire
   gwes at oat dot com
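
The layout described in the message above, written out as OpenBSD hostname.if(5) files. This is an added example, not part of the original post or the poster's own configuration. The 203.0.113.x addresses are documentation placeholders standing in for the elided Verizon block, and the /24 netmask and the bridge0 name are assumptions.

```conf
# /etc/hostname.sk0  (WAN side: bridge member, no IP address)
up

# /etc/hostname.re0  (LAN side: bridge member, no IP address)
up

# /etc/hostname.vether0  (holds every address the firewall itself owns)
# Placeholder addresses; the netmask is an assumption.
inet 203.0.113.178 255.255.255.0
inet alias 203.0.113.179 255.255.255.255
inet alias 203.0.113.180 255.255.255.255
inet alias 203.0.113.181 255.255.255.255
up

# /etc/hostname.bridge0  (joins WAN, LAN and the firewall's virtual port)
add sk0
add re0
add vether0
up

# /etc/mygate  (upstream router, the ".1" in the message; placeholder)
203.0.113.1
```

Because sk0 and re0 carry no addresses, pf rules that protect the firewall itself match on vether0, while bridged traffic between WAN and LAN is seen by pf on each member interface it crosses.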
