I've built a 1.2.3RC3 box on beforementioned Supermicro dual-core Atom box with an Intel dual-port server NIC and a 2 GByte Transcend DoM (some 200 EUR the Supermicro kit, 35 EUR memory, and 100 EUR the dual-port Intel NIC, the DoM is some 20-30 EUR IIRC).
All four NICs (onboard Realteks and Intel) are apparently fully functional. The box is reasonably quiet, and probably not underventilated if it's not sandwiched between two other rackmounts (it does have enough fan headers on the motherboard to rectify that potential problem, though no fan mounts; hotglue would probably do). I've assigned WAN and LAN to the Intel NIC, and will use the Realteks for pfsync, redundancy and the like. Now the question, assuming I have a /24 network on WAN, what is the optimal routing setup if I want to go carp+pfsync eventually fully redundant? I'm currently running two mini-ITX C3 boxes in a poor man's failover setup, both as transparent bridges, with one disabled through STP or other loop-detection feature. So what do I do with my /24? Private IP space behind LAN, and 1:1 for every address? (That would be pretty difficult to recover from should my firewall die, right now every box has public IPs and can be fully routed even though then directly exposed to the hostile Internet). -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --------------------------------------------------------------------- To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
