heya, i have fixed public IPs and i have ADSL using PPPoE. i would like to make things very redundant, so that if any one piece of hardware craps out, there will be a failover. i have conceived of a setup and am wondering if anyone can suggest improvements or tell me if it just won't work. here it is:
###################      ###############
#  ADSL modem in  #------#     fw1     #
#  bridging mode  #      #  pub IP = X #
###################      # doing PPPoE #
        |                ###############
        |                       |
###############                 |
#     fw2     #          ###############
#  pub IP = Y #----------#   switch    #
# doing PPPoE #          ###############
###############

in this case i would have carp0 as my external interface with another fixed public IP (i have a /29), Z, pfsync between fw1 and fw2 and carp1 with private IPs on the internal network.

i am not sure this can be done, as i have not yet had the opportunity to set my router/modem into bridging mode to test this. i am also not sure if i can have two hosts negotiating PPPoE behind the bridging modem at the same time. i am also not sure if the in-kernel pppoe supports fixing an IP address as part of the PPPoE negotiation or if it pulls it automatically from the ISP upon negotiation. i would like to be able to fix the IPs X, Y and Z (in above diagram).

if this is not doable and i need a single machine on my DSL line negotiating PPPoE, would having DSL service through another phone number/line at the same location provide me with the redundancy i desire? this seems to point to trunk and ifstated, but i'm not sure.

my motivation for doing this is to have public IPs on my firewalls, so they can be my VPN gateways, as opposed to having to port forward everything into my private network or using the router (netopia cayman 3546-002). i'm trying to get the port forwarding VPN setup to work, but it doesn't work quite right.

another reason for doing this is to work towards removing the ADSL modem as a single point of failure which i don't think i can achieve without a different connection or 2 phone lines each with DSL service.

cheers,
jake