I once set up an invisible (transparent) firewall and gateway, but on two separate boxes. Is it possible to set up an invisible firewall and gateway in one box? My idea is to use four (4) NICs, the first two (2) for the invisible firewall bridge, then the output is connected to the third (which serves as the gateway's external NIC), and the fourth (serving as the gateway's internal NIC) is where the LAN will be connected.

Internet <==> NIC1 <--Bridge--> NIC2 <==> NIC3 (GW Ext) <==> NIC4 (GW Int) <==> LAN

What are the possible arguments for and against this? I thought this up for economic reasons. The downside I see is that it's a single point of failure for the Internet access of the LAN. Any suggestions on what the pf configuration would look like if it were feasible? Your input and feedback will be very much appreciated. Thank you very much!

