On 9/11/09 11:17 PM, Eugen Leitl wrote:
So what do I do with my /24? Private IP space behind LAN, and 1:1 for every address? (That would be pretty difficult to recover from should my firewall die, right now every box has public IPs and can be fully routed even though then directly exposed to the hostile Internet).
What you describe is exactly what we are in the process of rolling out, although we are using a different (higher powered) Supermicro server. They make a nice 1RU (half depth) unit with 4 NICs on the front panel. I don't think the private IP space will make it that much harder to recover from, unless you lose both your firewalls at once. And on the plus side you get to pass that stupid NAT requirement in the PCI DSS if you have to handle credit cards. Ari -- --------------------------> ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --------------------------------------------------------------------- To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org