So I am up and running with OPNsense. It seems... fine? I don't know. I'm just poking around with it at the moment -- double-NATing a single machine for the moment, while I check it out.

Which brings me to the next question -- or rather, set of questions...

The intent is to put my ISP-provided MoCA router into bridge mode, followed by the FW (on the WAN port, port0). From FW/port1, I go into a (new) wifi/8-port ethernet router. From FW/port2, I go to my DMZ host (or hosts, as they're VMs running on a single machine). I expect to create a VLAN for each of FW/port1 and FW/port2. What role should the router play? Do I set it as a bridge with DHCP relay, and let the FW act as the DHCP server/etc. for both VLANs (and their respective subnets)? Or do I let the router be the DHCP server for the LAN? It seems to me that I ought to do the latter -- let the FW dole out IP addresses to machines it's directly connected to, and let the router dole out IP addresses to machines it's directly connected to.

Is this a six-of-one, half-a-dozen-of-the-other type of thing?