Re: newbie advice question - pf in front of multiple comps...

Jason Dixon wrote:
however, someone at my work wants me to install a
firewall at a colo site - in front of say, six
machines, all with public internet routable

You want a bridge. It operates at layer 2, so there's no translation occurring.

About one year ago I set up a bridge in a similar configuration.

My experience was that the bridge put a real hamper on performance if you don't get good NIC's. We went from 3Com 905's to Intel 1000MT's and saw a significant, measurable increase in bandwidth over the bridge.

The OpenBSD computer itself was pretty low-budget, and this undoubtably had some effect, but again, big difference once we upgraded the NIC's. YMMV.