Hm. Strange. As I understand DHCP relay should be run in addition to
Pass-through mode if DHCP is used. But I'm not sure how to set one up.

1:1 NAT is an option but I'd like to keep private IPs internally.
I of course could set pfSense to "router" mode but I guess kind of
bridging is what I'd like the most.

Basically I'm concerned about "what if it fails?" - keeping same as
external IPs would allow me to simply take off pfSense and temporarily use
local firewalls. It is not great but better than having it down.

After thinking further, I think I'd recommend the NAT, myself - that
way, should one of your internal hosts fail, it would be a rather simple
operation to map its external IP to another internal host's internal IP.
You'd either set up a mapping between, say, 192.168.0.1/29 and your
external block. pfSense would then map 192.168.0.1 to your first
external up through 192.168.0.8 to your last; you could also do that
mapping manually, it's really up to you. You'd still maintain the
internal private IPs, and would probably want to set up your internal
DNS to point to them instead of your external ones, but (depending on
what firewall rules you set up) will have access to each one of them via
their independent external IPs.

That, and I too recommend putting up two firewalls and CARPing between
them - even with reasonably cheap hardware, you're going to get far
greater reliability and easier maintenance than with one really
expensive, really good piece of hardware. If your concern is
availability, that, by far, is the way to go.

RB