On Sat, Jan 27, 2007 at 05:17:04PM +0000, John . wrote: > Hello list, > > I have an older openbsd 3.5 system that is running well just as a > firewall NAT router, with 3 interfaces on it. > > Behind (and protected by) this is another machine. This particular > machine was in use as a shell box, running ssh, web and mail under > FreeBSD. I have converted it to OpenBSD 4.0. > It gets lots of mail, and it has about 30 users on it. It has one NIC. > I want to use PF to control spam. > > Question is, the pf.conf seems to want 2 interfaces in order to do > this.. Is it permissable to set int_if and ext_if to be the same (same > IP) or should I clone the interface? or is there another way that I > haven't thought of?
The 4.0 stock pf.conf doesn't need two interfaces for spamd. If you look closely you'll see everything for spamd is using $ext_if. The $int_if is there as example for other uses (ftp-proxy). Since you've brought up that you also have a 3.5 box... get that up to date! If all it's doing is NAT/firewall/routing then you should be able to get this up to 4.0 with minimum hassle, as in install a fresh 4.0 and reintroduce your pf and routing configuration. -- Darrin Chandler | Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/darrin/ |
