Thanks for the tip. I'm not too sure about this STP stuff, because I always think twice before doing that kind of stuff; I've had my share of network loops not always being well handled by switch hardware. On the other hand, I've read on m0n0wall's forum that it is feasible, so if it's the way to go, I'll go.

Last (I don't want to start a flame war, please), as all I want to do is a transparent FW, maybe I should go for m0n0wall instead of pfSense. The drawback of m0n0wall being that it won't support SMP, thus making me stick to a single Celeron 3.33 GHz, and running FreeBSD 4.2 (will the double-port Intel PCIe card be supported?).

Regards

> Date: Fri, 10 Aug 2007 23:49:13 +0100
> From: [EMAIL PROTECTED]
> To: [email protected]
> Subject: Re: [pfSense Support] performance on a PE860
>
> jamona perez wrote:
> > Okay, I did not realize that, this is really helpful info. Thinking
> > about it for 2 minutes I just realized that in bridge mode, the WAN
> > does not "really" have an IP address, does it? So CARP has no IP
> > failover to do whatsoever.
> > Please correct me if I'm wrong.
> > So if the best I can do is having a "spare" box standing by to get
> > fired up if the other goes down, it's what I'm going to do. But if you
> > can think of any mechanism (similar to Linux heartbeat) that can sit
> > here waiting for the other side to fail, then take the appropriate
> > measure (read "configurable", like starting the proper services) to
> > ensure high availability of such a system, I'll be more than glad to
> > hear about it.
>
> If pfSense will allow you to pass STP frames across it, you could just
> put two pfSense boxes in parallel like so
>
>      EXTERNAL SWITCH
>     FA0/1       FA0/2
>       |           |
>       |           |
>      FW1--SYNC--FW2
>       |           |
>       |           |
>     FA0/1       FA0/2
>      INTERNAL SWITCH
>
> Assuming that STP will pass the packets, you should have no issues in
> this configuration. STP will put the ports of FA0/2 into blocking mode,
> and no traffic will pass unless traffic stops flowing across FA0/1 (yes,
> I have just realised that you were probably meaning gig interfaces, but
> I did the diagram already :P)
>
> Someone else here will probably better know whether or not you can pass
> STP across pfSense correctly...
>
> You might also want to use two more interfaces for management? (Don't
> give the firewalls IPs on the bridge, so that FW2 is still accessible
> when the links are blocking!)
>
> adam.
