[pfSense-discussion] Hints on no firewall and bridge
First question. We are planning to use PFsense as frontend gateway routing to customers subnets, and in such architecture, we could use pfsense as pure routing device, except we want to protect the LAN network. Does the disable firewall option exclude completely any NAT or filtering rules, without any possibility to protect the LAN interface? Second question. We may have one frontend Internet link doubled on two FE switches (using redundant switches and spanning tree features), so if one FE switch fails, we can have the connection on the other FE switch. Apart of using a master/slave couple of fw, we are evaluating if to bridge two interfaces, for each FW, placed on both FE switches. Link --- --- SW1 em0 (pf1-em0) --- SW2 em1 (pf1-em1 bridged to em0) In such a case, the bridging feature on PFsense, can handle the trick? In case of SW1 failure, can states open on interface em0 work also on interface em1-bridged-to em-0? I hope I've been clear. Any suggestion/hint? Thanks, Tonino -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] Hints on no firewall and bridge
On Sun, Jul 4, 2010 at 5:46 AM, Tonix (Antonio Nati) to...@interazioni.it wrote: First question. We are planning to use PFsense as frontend gateway routing to customers subnets, and in such architecture, we could use pfsense as pure routing device, except we want to protect the LAN network. Does the disable firewall option exclude completely any NAT or filtering rules, without any possibility to protect the LAN interface? Yes. Second question. We may have one frontend Internet link doubled on two FE switches (using redundant switches and spanning tree features), so if one FE switch fails, we can have the connection on the other FE switch. Apart of using a master/slave couple of fw, we are evaluating if to bridge two interfaces, for each FW, placed on both FE switches. Link --- --- SW1 em0 (pf1-em0) --- SW2 em1 (pf1-em1 bridged to em0) In such a case, the bridging feature on PFsense, can handle the trick? In case of SW1 failure, can states open on interface em0 work also on interface em1-bridged-to em-0? Never tried anything like that on a single system, it works with two systems using CARP (with proper STP or a devd script to up/down the bridge accordingly). Not sure if the states would failover correctly with one system. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] 10gbe adapters
Jorge Fábregas ha scritto: On Sunday 04 July 2010 05:21:23 Tonix (Antonio Nati) wrote: Is there any 10gbe adapter currently working with pfsense? Is there anyone using 10gbe adapters? Hi, I haven't used them but check the Freebsd 7.2 HCL: http://www.pfsense.org/index.php?viewid=46Itemid=51 I see there are couple of 10Gb cards from Intel. Actually, I tried an Intel Pro/10bge CX4 card, but after boot I did not see any new card in the install phase. Should I add a if_ixgb_load=YES in loader.conf? Thanks, Tonino HTH, Jorge - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it