I am at the last step of setting up a screened perimeter network. The
inner gateway, which shields the LAN and provides Internet access, is
running OpenBSD, as is the outer bridge. The latter is what I need help
with.
We have a fractional T1 with voice and data. The data is split from an
Adtran unit using a V35 interface to a 3COM router. Although I would
prefer a different arrangement, this is what I have to work with.
Now I don't really want to filter with the 3COM unit, because it is
proprietary and a royal pain. I guess I will if I have to, but I would
much prefer to put an OpenBSD machine between the 3COM unit and
everything else to do filtering:
           [3COM]
              |
              |
       [OpenBSD:Filter]
              |
              |
        --------------
        |  Perimeter |---[OpenBSD:Servers]
        --------------
              |
              |
          [OBSD:NAT]   //Works just fine
              |
        --------------
        |     LAN    |
        --------------
The OpenBSD:NAT is working great, as are all the servers---mail, DNS,
and Web. But I don't know how to approach setting up the OpenBSD:Filter
in the middle. I configured it as a bridge, which does the job, but it
is incredibly slow---it bottlenecks. When I put it in, going out through
the NAT machine really drags. I even defaulted all the filtering to
'pass in all,' but to no increase in performance.
Any suggestions? I have a /27 range of addresses. So I need to listen to
all traffic coming in and going out. Is there something I can do to
either optimize the bridge or use another configuration to do the
filtering?
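A pf ruleset for the OpenBSD:Filter bridge in the topology above, added here as an example and not taken from the original post or any reply. It assumes the bridge members are em0 (toward the 3COM router) and em1 (toward the perimeter segment), and uses the documentation range 192.0.2.0/27 with made-up server addresses in place of the real /27; because a bridge runs every frame through pf once per member interface, the ruleset filters on the outer member only so each packet is evaluated once.

```pf
# Added example for the filtering bridge; interface names and addresses
# are assumptions, not values from the original post.
#
# Bridge setup (one line per file):
#   /etc/hostname.em0      up
#   /etc/hostname.em1      up
#   /etc/hostname.bridge0  add em0
#                          add em1
#                          up

ext_if    = "em0"            # bridge member facing the 3COM router
int_if    = "em1"            # bridge member facing the perimeter segment
perimeter = "192.0.2.0/27"   # stands in for the real /27 (constructed)
mail_srv  = "192.0.2.10"     # constructed server addresses
dns_srv   = "192.0.2.11"
web_srv   = "192.0.2.12"

# Skip the inner member entirely: frames already got a verdict on em0.
# Skipping lo0 keeps local traffic on the filter box itself unfiltered.
set skip on { lo0 $int_if }

# Default deny in both directions on the outer member, logged to pflog0.
block log on $ext_if

# Inbound from the Internet: only the published perimeter services.
# States are floating by default, so the replies match on the way out.
pass in on $ext_if inet proto tcp to $mail_srv port 25
pass in on $ext_if inet proto { tcp udp } to $dns_srv port 53
pass in on $ext_if inet proto tcp to $web_srv port { 80 443 }

# Outbound: anything sourced from the /27, which covers the perimeter
# servers and the outside address of the OBSD:NAT gateway.
pass out on $ext_if inet from $perimeter
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and compare `pfctl -si` counters before and after the change to see whether the per-packet rule evaluations actually dropped.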