On Wed, Sep 21, 2011 at 5:13 AM, David Brown <[email protected]> wrote:
> First, on the Linux system I have two hard disks, each with two partitions.
> The first partition on each is set as a software RAID1 and contains the OS,
> configuration, data, etc. The second partition on each is separate and
> contains a squid cache. Thus the system will boot and run fine even if one
> disk fails (losing half the squid cache will not be harmful). Can I do
> something similar with pfSense? I know a great deal about Linux software
> raid, but nothing about FreeBSD.

FreeBSD does soft RAID, but I can't tell you the state of it in pfSense. Somebody here will chime in.

> I make use of VLANs on switches to control different subnets for parts of
> our LAN, server networks, etc. On some of these, the router has more than
> one alias. This means I have network "interfaces" with names like
> "eth0.12:2" in Linux (second alias on VLAN 12 connected to the first
> physical ethernet card). In some cases there is more than one alias on the
> same subnet (192.168.0.1 and 192.168.0.2), but mostly they are on different
> subnets on the same VLAN. I know pfSense is flexible about VLANs - but is
> it /that/ flexible?

pfSense supports VLANs and IP aliases right in the GUI. No problem here.

> I have two WAN connections. One is a symmetric link (10/10), the other is
> ADSL (8/1). I would like to set these up so that the symmetric link is the
> main link, with the ADSL as backup. But http traffic can be balanced
> between them. Can I arrange that?

Yes.

> On one of the WAN connections, I have several IP addresses (a /28 subnet).
> Several services coming in on these IP addresses need to be NAT'ed to
> different internal servers, depending on the port and the IP address
> targeted. It is important that replies from the internal servers get
> returned from the same IP as originally targeted. Will that work with
> pfSense?

I believe virtual IPs (VIP) would take care of that in pfSense.

> I have two OpenVPN servers on the current system, running on different
> ports. Clients on these have access to different servers. Can I have
> several OpenVPN servers configured with pfSense?

Yes.

> I would also like to set up an OpenVPN "hub" to handle communication between
> external OpenVPN servers and clients. Some of my company's clients have
> OpenVPN servers or clients that some of our employees need access to. My
> idea is that the employee will connect to the "hub" (the pfSense system)
> with OpenVPN, as will the customers' OpenVPN clients. The "hub" will also
> connect to the customers' OpenVPN servers (some have servers, others have
> clients). I would like to be able to set up firewalling rules allowing the
> employees access to the customers' systems, but customers' systems will not
> be able to access each other (or other interfaces on the firewall/router).
> Is that going to be possible? Will it be possible to get alerts (SMTP) or
> logs when these OpenVPN connections come and go?

I believe the routing and firewalling between VPN networks is possible. Not sure about notifications from the GUI, although you can do what you like in the shell.

> The box is also a DHCP server on various networks, with some static assigned
> addresses and some range-based. I presume that's fine for pfSense? And
> that it integrates with the DNS server on pfSense?

Yes.

> I am seriously considering getting two pfSense boxes with CARP failover.
> Does this require identical hardware on the two systems (or perhaps just
> identical network card setups)?

I don't think this is a requirement for CARP.

> How much information is passed over the
> link between the boxes - does it cover all setup, configuration, rules, dhcp
> leases, etc.? How often does this synchronisation take place?

Not sure.

> Am I correct
> in thinking that each box needs its own individual IP address on each
> network interface (including VLAN interfaces), and they share one or more
> CARP aliases?

I believe that's correct.

Have fun playing. pfSense is a powerful platform and the GUI makes it very easy to pick up.

db
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
