On 8/15/06, Tito Mari Francis Escaño <[EMAIL PROTECTED]> wrote:
> I once set up an invisible (transparent) firewall and gateway, but on two separate boxes.
What is "transparent"? It can never be fully transparent, because the LAN machines will always at least need to be told where the gateway is. I'm guessing you mean "no NAT", then, and sure it's possible so long as you have the external IP addresses available to use.
> Is it possible to set up an invisible firewall and gateway in one box? My idea is to use four (4) NICs, the first two (2) for the invisible firewall bridge, then the output is connected to the third (which serves as the gateway's external NIC), and the fourth (serving as the gateway's internal NIC) is where the LAN will be connected to.
>
> Internet <==> NIC 1 <---Bridge--> NIC2 <==> NIC3 (GW Ext) <==> NIC4 (GW Int) <==> LAN
>
> What are the possible arguments for and against this? I thought this up for economic reasons. The downside I see is that it's a single point of failure for the Internet access of the LAN.
Sure, but plenty of residential setups get away with that (i.e. the $40 SOHO routers from Dlink and friends). And if you really care about single points of failure look into carp(4); your old system had, by the way, *two* single points of failure.
> Any suggestions how the pf configuration would look if it were feasible? Your inputs and feedback will be very much appreciated. Thank you very much!
It would look like it looked before. Maybe I misunderstood your question, because I don't feel like I've given a very informative answer. Could you clarify what you mean? -Nick
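To make "it would look like it looked before" concrete, here is what a single pf.conf covering both stages of the four-NIC layout could look like. This is an added example from the editor, not anything posted in this thread; it assumes current OpenBSD syntax (`match ... nat-to`, hostname.bridge0) rather than the `nat on`/brconfig form of the 2006 releases, the interface names em0 through em3, and constructed addresses from the TEST-NET and private ranges.

```pf
# Added example, not from this thread: one pf.conf covering both stages on
# a single OpenBSD box. Current OpenBSD syntax (match ... nat-to) and the
# interface names em0..em3 are assumptions; all addresses are constructed.
#
# Topology from the question:
#   Internet <==> em0 <--bridge0--> em1 <==cable==> em2 (GW ext) <==> em3 (GW int) <==> LAN
#
# Assumed interface files (one line per file, shown here as comments):
#   /etc/hostname.em0      up                              # bridge member, no address
#   /etc/hostname.em1      up                              # bridge member, no address
#   /etc/hostname.bridge0  add em0 add em1 up
#   /etc/hostname.em2      inet 203.0.113.2 255.255.255.248
#   /etc/hostname.em3      inet 192.168.1.1 255.255.255.0
#   /etc/mygate            203.0.113.1
#   /etc/sysctl.conf       net.inet.ip.forwarding=1

br_out  = "em0"             # bridge member facing the Internet
br_in   = "em1"             # bridge member cabled to the gateway's external NIC
gw_ext  = "em2"
gw_int  = "em3"
gw_addr = "203.0.113.2"     # constructed address on $gw_ext
lan_net = "192.168.1.0/24"  # constructed LAN range

# The bridge hands every IP packet to pf twice (in on one member, out on
# the other). Skipping the inner member makes the bridge stage evaluate
# each packet once, on the interface that faces the Internet.
set skip on { lo0 $br_in }

# Bind states to the interface that created them, so the bridge stage and
# the gateway stage keep separate state tables and each enforces its own
# rules instead of one stage's state letting traffic through the other.
set state-policy if-bound

block log all
antispoof quick for $gw_int

# ---- Bridge stage: no address of its own, filters IP at layer 3 ----
# Only traffic originating from the gateway's external address may leave;
# replies come back by state. Nothing unsolicited from the Internet reaches
# the gateway's external NIC. (pf does not see ARP, which the bridge
# forwards on its own.)
pass out on $br_out from $gw_addr keep state

# ---- Gateway stage: an ordinary router with NAT on its external NIC ----
match out on $gw_ext from $lan_net nat-to ($gw_ext)
pass in  on $gw_int from $lan_net keep state
pass out on $gw_ext keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. The two halves are simply the bridge box's rules and the gateway box's rules concatenated; what changes on one box is that every LAN packet now crosses pf twice over the em1-to-em2 cable, which is why the example skips em1 and binds states per interface rather than letting a floating state created on the gateway side carry the packet through the bridge side unexamined.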

