
transparent plus nat on same firewall?

Hello pf,
  Now that I have a VLAN capable switch (a 3Com SS2 3300) and the
Realtek NICs support it (a pleasant surprise) I've implemented my LAN
and DMZ on VLANs. So now I have a 4 NIC firewall but I'm actually using
only 2. So I thought: what if I do a bridged transparent filtering on
two NICs and use the other through VLANs to have multiple DMZ?
  For an ASCII art representation:
CableModem----RL0-[ bridge ]-RL1--[crossed patch]
                  [        ]
                  [Firewall]RL2---------|
                  [        ]RL3-------[VLAN Switch]
  Would it be worth doing (besides the "because I can")? Would it be any
more secure than simply filtering on RL0? Since I have DHCP I think it
might be a PITA to configure correctly. Besides, can the bridge filter
the non IPv4/IPv6 packets (my understanding is that no)?
  The nice point would be that I will have to make a pf.conf with almost
all the example techniques applied :-)
Best regards,
 Alejandro Belluscio