[pfSense] routing public IPs to a secondary site

2012-06-08 Thread Adam Stasiak
I've been pounding my head against the wall with this for a while now and
figured maybe I should ask a more general question hoping someone would
have a better idea of how to go about it than I apparently do.

My main site has a limited number of IPs. I have a second site with
additional IPs. I would like to route traffic to the IPs at the 2nd site to
servers at the 1st site. Specifically this is for SSL website hosting, so I
only really need to forward port 443. Both sites have a pfSense 2.0.1
firewall.

I can dedicate internal IPs, even a private subnet if necessary at the
primary site for traffic coming to the servers from the secondary site.
I could probably dedicate a single public IP at the primary site, if I am
able to redirect the traffic from various IPs onto different ports.

I've tried:
Creating a GIF tunnel and NATing over that
-I've tried various things and the packets do arrive at the primary site,
but I'm guessing they don't know how to get back to the secondary site and
back out onto the internet...

Redirecting to a public IP at the primary site but on a different port.
-They don't usually seem to get there

The thing that really bugs me is each of the above will work maybe 1 time
in 100, but not in any consistent way.

Are there any other avenues worth going down?
Am I crazy?
Should one of the above work and I am just messing something up?
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-08 Thread Tim Nelson
- Original Message -
> Greetings list,
>
> For many years I've been deploying pfSense on ALIX boards. They've
> proven to be reliable and a good balance between cost and
> performance.
> Price in the UK is about 120 GBP (including PSU and chassis), which
> means that they're cost-comparable with Draytek's higher end units
> (which is their primary competition amongst our SME client base).
>
> Recently, we've had need to deploy pfSense with more than 3 network
> interfaces, and unfortunately the ALIX boards seem to top out at 3. A
> 4-port unit based on the same AMD Geode architecture more than
> doubles the price to around £250 GBP.
>
> Has anyone any suggestions for a 4-port alternative that's closer to
> the 3-port cost?

If you really don't need the throughput of an additional physical NIC, a VLAN 
capable switch will give you as many 'ports' as you need. :)

--Tim


Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-08 Thread Dave Warren

On 6/8/2012 12:03 PM, Moshe Katz wrote:
> For small locations, I use refurbished Pentium 4 and Pentium D
> machines with a bunch of PCI network cards (often Intel dual-port,
> which can now be found cheap on eBay). It doesn't look (or sound) the
> same as a little embedded system but it's pretty dependable.


While these are decent enough boxes in terms of their processor power 
(enough to run some VPNs and whatnot at decent speeds), the whole P4 and 
P-D line are very power hungry in terms of their CPUs.


So they're not horrible choices (Mine is running on a P4 right now), but 
they're not my first choice. Still, the upfront cost for these beasts is 
cheap, going newer enough to cut power may not be worth it.


I've tried a couple Atom based systems and had nothing but issues, 
primarily ACPI compatibility, so I've given up going that route and just 
stuck with the P4 until something better shows up.


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
