Phusion wrote:
> I have a cable connection at home and was wondering if the following
> would work. If I put a Cisco 851 series router in front of a pair of
> Soekris firewalls running OpenBSD using CARP and pfsync. So the Cisco
> router would get a dynamic WAN IP and have a static LAN IP. The two
> Soekris firewalls would sit behind it. Behind the redundant firewalls
> would be the network. How could I get the computers behind the
> firewall Internet access? Also would port forwarding work? The thing
> is that I don't have a static IP address. Let me know.
>
>

Why do you want the router on the cable side? Also, I don't really understand the need for redundant firewalls (especially for a home network). I would expect the soekris box to be one of the least likely points of failure. CARP and pfsync sounds like overkill.

I have a soekris 4801 with a 20Gig HD and a CM9 wireless card. It runs FreeBSD 6.1 RC1 and acts as a NATting firewall, mail server with SPAM detection, IMAP server, asterisk PBX, DNS server, and DynDNS client.

My cable connection comes into one of the soekris ethernet ports. This has a dynamic IP address allocated by my cable provider. The soekris box uses dyndns.org to give itself a name. Another soekris ethernet port is connected to a simple 8 port hub which connects to all my wired devices (a Windows desktop, a headless FreeBSD server, a Windows digital video recorder, an IP phone, and an analogue telephone adapter). My wife's laptop connects wirelessly.

The wired and wireless networks have static IP addresses and are bridged by the soekris box. The devices on the wired and wireless networks have their default gateway set to the static IP address of the soekris box. It routes and NATs for all of them out and in the cable connection.

Does that sound like what you're after? I can give you more details if you want.

Graham
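
An added example, not part of the original message: a pf.conf sketch for the single-box layout described above, showing NAT and one port forward on a WAN interface whose address is dynamic. It assumes pf is the packet filter in use (the message does not say which one is) and uses the older nat/rdr syntax found in FreeBSD's pf; interface names, addresses, the internal host and the ports are all placeholders.

```conf
# pf.conf sketch (added example; all names, addresses and ports are assumed)
ext_if   = "sis0"            # cable side, address assigned by the provider
int_if   = "sis1"            # LAN side, static address
int_net  = "192.168.1.0/24"  # placeholder LAN range
web_host = "192.168.1.10"    # hypothetical internal server

set skip on lo0
scrub in all

# Parentheses around the interface name make pf follow the interface's
# current address, so the rule survives a change of the dynamic WAN IP.
nat on $ext_if from $int_net to any -> ($ext_if)

# Port forward: tcp/8080 on the current WAN address goes to the internal host.
rdr on $ext_if proto tcp from any to ($ext_if) port 8080 -> $web_host port 80

# Default deny inbound, and drop packets that claim a LAN source address
# but arrive on some other interface.
block in log all
antispoof quick for $int_if

# The firewall and the LAN may open connections outward; replies are
# admitted by the state entries these rules create.
pass out keep state
pass in on $int_if from $int_net to any keep state

# rdr is applied before filtering, so this rule matches the translated
# destination, and it admits only the one forwarded service.
pass in on $ext_if proto tcp from any to $web_host port 80 flags S/SA keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`. Bridging a wireless interface onto the LAN, as in the setup above, is not covered by this sketch.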
