Network question


patrick keshishian
Hi Networking gurus,

Say I have /28 address space. Between them and the internet is
pf. Not all of the addresses are in use ATM.

I may have the need to add a couple new servers behind that pf
server within the same /28 range. Problem: I need to have traffic
between the new servers and what already exists filtered through
some pf.

Ideally I would like to put the new servers together on a new
(unmanaged) switch and connect one of the switch's ports to an
available port on the pf machine.

Does there exist a nice way to do this without further sub-dividing
the /28?

Thoughts?
--patrick

Re: Network question

Dag Richards
Seems like it would be pretty straightforward to NAT, no?


                                     /------existing servers /28
EVIL -----  lie agreed upon [Puffy] <
                      \-----new servers on RFC 1918


Would need to know more to make better recommendations.



On 9/4/13 8:24 PM, patrick keshishian wrote:

> Hi Networking gurus,
>
> Say I have /28 address space. Between them and the internet is
> pf. Not all of the addresses are in use ATM.
>
> I may have the need to add a couple new servers behind that pf
> server within the same /28 range. Problem: I need to have traffic
> between the new servers and what already exists filtered through
> some pf.
>
> Ideally I would like to put the new servers together on a new
> (unmanaged) switch and connect one of the switch's ports to an
> available port on the pf machine.
>
> Does there exist a nice way to do this without further sub-dividing
> the /28?
>
> Thoughts?
> --patrick
>


--

IS-IS sleeps.
BGP peers are quiet.
Something must be wrong.

Re: Network question

Denis Fondras
In reply to this post by patrick keshishian
Hi Patrick,

On 05/09/2013 05:24, patrick keshishian wrote:
>
> Does there exist a nice way to do this without further sub-dividing
> the /28?
>

I would bridge the Internet-facing interface and the interface that
connects to the switch. This way you can filter with PF without
subnetting your /28.

Denis
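
A sketch of the filtering bridge suggested above, as an added example that is not part of the original thread or any poster's own configuration. The interface names (em0 Internet-facing, em2 to the new switch), the 203.0.113.0/28 documentation prefix, the host addresses and the permitted ports are all assumptions; rules already in place on the other interfaces still apply to the same packets.

```conf
# ---- /etc/hostname.bridge0 ----------------------------------------
# Join the Internet-facing NIC and the NIC feeding the new switch.
# Both member interfaces must also be marked "up".
add em0
add em2
up

# ---- /etc/pf.conf (fragment) --------------------------------------
new_if = "em2"                       # assumed: port to the new switch

# Constructed addresses inside a documentation /28.
table <new_srv> const { 203.0.113.12, 203.0.113.13 }
table <old_srv> const { 203.0.113.2, 203.0.113.3 }

# Default deny on the new bridge member, logged to pflog for review.
block log on $new_if

# Drop anything arriving from the new segment with a source address
# that does not belong to the new servers.
block in quick log on $new_if from ! <new_srv>

# New servers -> existing servers: named services only
# (port 5432 is a placeholder for whatever is really needed).
pass in on $new_if proto tcp from <new_srv> to <old_srv> port 5432

# Existing servers -> new servers: management access only.
pass out on $new_if proto tcp from <old_srv> to <new_srv> port 22

# New servers -> anything outside the /28.
pass in on $new_if from <new_srv> to ! 203.0.113.0/28
```

pf only sees IP traffic on bridge members, so ARP between the segments is not covered by these rules.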

Re: Network question

patrick keshishian
On 9/4/13, Denis Fondras <[hidden email]> wrote:

> Hi Patrick,
>
> On 05/09/2013 05:24, patrick keshishian wrote:
>>
>> Does there exist a nice way to do this without further sub-dividing
>> the /28?
>>
>
> I would bridge the Internet-facing interface and the interface that
> connects to the switch. This way you can filter with PF without
> subnetting your /28.

I definitely like the bridging idea better than NATing.

Thank you for your response Denis and Dag!

--patrick