Jason Dixon wrote:
> On Fri, Jul 11, 2008 at 10:10:04PM -0400, Geoff Steckel wrote:
>
>> Jason Dixon wrote:
>>
>>> On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote:
>>>
>>>> Hi misc,
>>>>
>>>> I'm currently looking for hardware alternatives for firewalls that
>>>> should have more than four NICs.
>>>>
>>> Why could you possibly need 6 physical interfaces? Even if you have a
>>> failover pair of firewalls and switches, with a dedicated pfsync
>>> interface, you could get by easily with three interfaces. The first two
>>> interfaces are trunked, one to each switch. Use vlan(4) interfaces with
>>> carp(4) on top of that. Your third interface would crossover between
>>> firewalls for private pfsync traffic.
>>>
>> Hmmmm. "Why would you ever want to do that?" - really not a good thing
>> to say to someone... Saying that means you lack respect for the person
>> or lack imagination. "What are you using them for" is a better response.
>>
>
>> I've frequently used 5 ports on my firewall for multiple isolated subnets.
>>
>
> That you frequently use 5 ports on your firewall shows a lack of respect
> for your switches, or a lack of imagination.
>

Wow...

I've used 5 interfaces also, but for different internet links. Try to do multi-routing when you have lots of different IPs of different ranges on the same if. Your pf rules will be a mess and, in some cases, it just does not work.

Also, it is like we never heard of switch vulnerabilities allowing people on one vlan to see traffic of other vlans. Blindly trusting the switches is like being driven by a blind guy, it can crash at any moment.

I believe that there is a reason for everything, even using lots of network cards.

Martin, I believe that using 4-port cards can have its benefits. Heard a lot of good things about the Intel 4-port cards. Also, their performance isn't hit that hard, because the Intel ones are PCI-e.

My regards,

--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85