transparent plus nat on same firewall?
Now that I have a VLAN capable switch (a 3Com SS2 3300) and the
Realtek NICs support it (a pleasant surprise), I've implemented my LAN
and DMZ on VLANs. So now I have a 4 NIC firewall but I'm actually using
only 2. So I thought: what if I do a bridged transparent filtering on
two NICs and use the other through VLANs to have multiple DMZ?
For an ASCII art representation:
CableModem----RL0-[ bridge ]-RL1--[crossed patch]
[Firewall]RL2---------| [ ]RL3-------[VLAN Switch]
Would it be worth doing (besides the "because I can")? Would it be any
more secure than simply filtering on RL0? Since I have DHCP I think it
might be a PITA to configure correctly. Besides, can the bridge filter
the non-IPv4/IPv6 packets (my understanding is that it can't)?
The nice point would be that I will have to make a pf.conf with almost
all the example techniques applied :-)
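The layout in the post, written out as an added example; this is not configuration from the original message, and it is one way to do it, not the only one. It assumes OpenBSD hostname.if(5) files and the pf.conf syntax of OpenBSD 4.7 and later (match ... nat-to, pass ... rdr-to) rather than the older nat/rdr syntax, and it invents the details the post leaves open: rl0/rl1 are the bridge members, rl2 gets the cable modem's DHCP lease through the bridge, rl3 is the 802.1Q trunk carrying vlan10 (DMZ, 10.0.10.0/24) and vlan20 (LAN, 10.0.20.0/24), and 10.0.10.80 is a DMZ web server. The non-IP question is handled outside pf: pf only sees IP and IPv6, so the bridge's own blocknonip flag is what drops other frame types on a member (ARP and RARP are still passed, as the bridge needs them). Several files are shown in one listing, each under a comment naming it.

```pf
# --- /etc/hostname.rl0 and /etc/hostname.rl1: bridge members, no address ---
up

# --- /etc/hostname.bridge0: transparent segment between the modem and rl2 ---
add rl0
add rl1
# pf never sees non-IP frames.  blocknonip makes the bridge itself drop
# everything arriving on the member except IP, IPv6, ARP and RARP.
blocknonip rl0
blocknonip rl1
up

# --- /etc/hostname.rl2: routed side, takes the cable lease through the bridge ---
dhcp

# --- /etc/hostname.rl3: 802.1Q trunk to the switch, carries vlan10 and vlan20 ---
up

# --- /etc/hostname.vlan10 (DMZ); VLAN id and subnet are assumed ---
vnetid 10 parent rl3 inet 10.0.10.1 255.255.255.0
# /etc/hostname.vlan20 (LAN) is the same line with vnetid 20 and 10.0.20.1.

# --- /etc/pf.conf ---
ext_if  = "rl2"           # routed side, holds the public address from the modem
br_out  = "rl0"           # bridge member facing the cable modem
br_in   = "rl1"           # bridge member cross-cabled to $ext_if
dmz_if  = "vlan10"
lan_if  = "vlan20"
dmz_net = "10.0.10.0/24"
lan_net = "10.0.20.0/24"
www     = "10.0.10.80"    # assumed DMZ web server

table <martians> const { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/3 }

set skip on lo

# Transparent part.  The bridge members carry no address, so rules here can
# only key on IP header fields.  Everything is "no state": the stateful
# decision is made once, on $ext_if, instead of once per member the same
# packet crosses on its way through the bridge.
block on { $br_out $br_in }
# The DHCP exchange for $ext_if's lease (0.0.0.0 sources, broadcast
# destinations), so it must come before the martian rule.
pass quick on { $br_out $br_in } inet proto udp from port { 67 68 } to port { 67 68 } no state
# Nothing with a private or reserved source may arrive from the modem side.
block in quick on $br_out inet from <martians>
# Only traffic to or from our own public address crosses the bridge;
# ($ext_if) is re-read from rl2's current lease each time it is evaluated.
pass quick on { $br_out $br_in } inet from ($ext_if) no state
pass quick on { $br_out $br_in } inet to ($ext_if) no state

# Routed part: NAT for LAN and DMZ, one published web server, and a DMZ
# that cannot initiate connections into the LAN.  States are floating by
# default, so a state created by "pass in" on one interface also matches
# the same connection leaving on another.
match out on $ext_if inet from { $lan_net $dmz_net } nat-to ($ext_if)

block all
pass out on $ext_if
pass in on $ext_if inet proto udp from port 67 to port 68     # lease replies
pass in on $ext_if inet proto tcp to ($ext_if) port 80 rdr-to $www
pass in on $lan_if inet from $lan_net
pass in on $dmz_if inet from $dmz_net to ! $lan_net
```

Load the ruleset with `pfctl -nf /etc/pf.conf` first to syntax-check it, then `pfctl -f /etc/pf.conf`; `pfctl -sr -v` shows the rules with their hit counters, which is the quickest way to confirm that the DHCP exchange is matching the bridge-member rules and not being eaten by the martian block. Note that the transparent rules add nothing the stateful rules on rl2 could not express on their own; what they buy is that martian-sourced and non-IP traffic is dropped before it ever reaches an interface with an address.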