I've built a 1.2.3RC3 box on beforementioned Supermicro
dual-core Atom box with an Intel dual-port server NIC
and a 2 GByte Transcend DoM (some 200 EUR the Supermicro
kit, 35 EUR memory, and 100 EUR the dual-port Intel
NIC, the DoM is some 20-30 EUR IIRC).

All four NICs (onboard Realteks and Intel) are apparently 
fully functional.
The box is reasonably quiet, and probably not underventilated
if it's not sandwiched between two other rackmounts (it
does have enough fan headers on the motherboard to rectify
that potential problem, though no fan mounts; hotglue would
probably do).

I've assigned WAN and LAN to the Intel NIC, and will use
the Realteks for pfsync, redundancy and the like.

Now the question, assuming I have a /24 network on WAN, what is
the optimal routing setup if I want to go carp+pfsync
eventually fully redundant? I'm currently running two 
mini-ITX C3 boxes in a poor man's failover setup, both 
as transparent bridges, with one disabled through STP
or other loop-detection feature.

So what do I do with my /24? Private IP space behind
LAN, and 1:1 for every address? (That would be pretty
difficult to recover from should my firewall die, right
now every box has public IPs and can be fully routed
even though then directly exposed to the hostile 

Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Reply via email to