[pfSense-discussion] Hints on no firewall and bridge

2010-07-04 Thread Tonix (Antonio Nati)

First question.
We are planning to use pfSense as a frontend gateway routing to customers'
subnets, and in such an architecture, we could use pfSense as a pure routing
device, except we want to protect the LAN network.
Does the disable firewall option completely exclude any NAT or
filtering rules, without any possibility to protect the LAN interface?


Second question.
We may have one frontend Internet link doubled on two FE switches (using 
redundant switches and spanning tree features), so if one FE switch 
fails, we can have the connection on the other FE switch.


Apart from using a master/slave couple of fw, we are evaluating whether to
bridge two interfaces, for each FW, placed on both FE switches.


Link ---
   --- SW1  em0 (pf1-em0)
   --- SW2  em1 (pf1-em1 bridged to em0)

In such a case, can the bridging feature on pfSense handle the trick?
In case of SW1 failure, can states open on interface em0 also work on
interface em1-bridged-to-em0?


I hope I've been clear.
Any suggestion/hint?

Thanks,

Tonino


--

   in...@zioni   Interazioni di Antonio Nati
  http://www.interazioni.it  to...@interazioni.it   




-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense-discussion] Hints on no firewall and bridge

2010-07-04 Thread Chris Buechler
On Sun, Jul 4, 2010 at 5:46 AM, Tonix (Antonio Nati)
to...@interazioni.it wrote:
> First question.
> We are planning to use pfSense as a frontend gateway routing to customers'
> subnets, and in such an architecture, we could use pfSense as a pure routing
> device, except we want to protect the LAN network.
> Does the disable firewall option completely exclude any NAT or filtering
> rules, without any possibility to protect the LAN interface?


Yes.


> Second question.
> We may have one frontend Internet link doubled on two FE switches (using
> redundant switches and spanning tree features), so if one FE switch fails,
> we can have the connection on the other FE switch.
>
> Apart from using a master/slave couple of fw, we are evaluating whether to
> bridge two interfaces, for each FW, placed on both FE switches.
>
> Link ---
>   --- SW1  em0 (pf1-em0)
>   --- SW2  em1 (pf1-em1 bridged to em0)
>
> In such a case, can the bridging feature on pfSense handle the trick? In
> case of SW1 failure, can states open on interface em0 also work on interface
> em1-bridged-to-em0?


Never tried anything like that on a single system; it works with two
systems using CARP (with proper STP or a devd script to up/down the
bridge accordingly). Not sure if the states would fail over correctly
with one system.




Re: [pfSense-discussion] 10gbe adapters

2010-07-04 Thread Tonix (Antonio Nati)

Jorge Fábregas wrote:

> On Sunday 04 July 2010 05:21:23 Tonix (Antonio Nati) wrote:
>
>> Is there any 10gbe adapter currently working with pfsense?
>> Is there anyone using 10gbe adapters?
>
> Hi, I haven't used them but check the FreeBSD 7.2 HCL:
>
> http://www.pfsense.org/index.php?viewid=46Itemid=51
>
> I see there are a couple of 10Gb cards from Intel.

Actually, I tried an Intel Pro/10GbE CX4 card, but after boot I did not
see any new card in the install phase.

Should I add a
   if_ixgb_load="YES" in loader.conf?

Thanks,

Tonino


> HTH,
> Jorge


--

   in...@zioni   Interazioni di Antonio Nati
  http://www.interazioni.it  to...@interazioni.it