Bridges

From securityrouter.org, an OpenBSD-based firewall
Revision as of 21:02, 26 March 2014 by Fredrik (talk | contribs)

A bridge works like a transparent switch between two or more interfaces: clients on either side of the bridge can communicate with each other exactly as if they were on the same network.

Below is a complete plain-text example that bridges two local interfaces so that they share the same DHCP server and firewall rules. Pay particular attention to the fact that the vr2 interface does not have any IP address assigned to it.

firewall {
	pass quick on lan label LAN
	pass in log quick on mgmt proto tcp to (mgmt) port {$mgmt_ports} label management
	match out on wan inet nat-to (wan:0) label NAT
	pass out quick on wan label outbound
}
interface bridge0 {
	firewall {
		skip
	}
	member vr1
	member vr2
}
interface vr0 {
	description "Internet"
	group "wan"
	dhcp-client
}
interface vr1 {
	description "LAN"
	group "lan"
	group "mgmt"
	address 192.168.1.1/24
	dhcp-server {
	}
}
interface vr2 {
	group "lan"
	group "mgmt"
}
system {
	authentication {
		user "admin" {
			password "admin"
		}
	}
	dns {
		name-server 8.8.8.8
	}
	http-server
	ssh-server
}
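
The configuration above relies on two properties: only one bridge member (vr1) carries an address, and both members are in the same groups that the firewall rules name. The Python check below is an added example, not part of the original page or of the securityrouter.org software; it parses the brace syntax as it appears here and reports bridges that break either property. Treating the two properties as requirements is an assumption drawn from this example, and `parse`, `values` and `check_bridges` are names made up for it.

```python
SAMPLE = """
interface bridge0 {
	firewall {
		skip
	}
	member vr1
	member vr2
}
interface vr1 {
	group "lan"
	group "mgmt"
	address 192.168.1.1/24
}
interface vr2 {
	group "lan"
	group "mgmt"
}
"""  # constructed excerpt of the configuration on this page

def parse(text):
    """Parse the one-statement-per-line brace syntax seen on this page (assumed subset)."""
    stack = [[]]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line == "}":
            stack.pop()
            if not stack:
                raise ValueError("unbalanced '}'")
        elif line.endswith("{"):
            stack[-1].append((line[:-1].strip(), []))
            stack.append(stack[-1][-1][1])
        else:
            stack[-1].append((line, None))
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return stack[0]

def values(body, keyword):  # arguments of each 'keyword arg' statement in a block
    return [s.split(None, 1)[1].strip('"') for s, _ in body if s.startswith(keyword + " ")]

def check_bridges(text):
    ifaces = {s.split()[1]: b for s, b in parse(text) if s.startswith("interface ") and b is not None}
    problems = []
    for name, body in ifaces.items():
        members = values(body, "member")
        addressed = [m for m in members if values(ifaces.get(m, []), "address")]
        if len(addressed) > 1:
            problems.append(f"{name}: several members carry an address: {addressed}")
        if len({frozenset(values(ifaces.get(m, []), "group")) for m in members}) > 1:
            problems.append(f"{name}: members are not in the same groups")
    return problems
```

`check_bridges(SAMPLE)` returns an empty list for the layout on this page. A member that is missing the `lan` group would not be matched by the `pass quick on lan` rule, which is the case the group comparison reports.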