[geeks] Four-port PCI Ethernet?

der Mouse mouse at Rodents-Montreal.ORG
Tue Jul 6 14:35:57 CDT 2010


>> It's not quite what you asked for, but have you considered using a
>> single interface, 802.1q-trunked to (and broken out via) a
>> vlan-capable switch?
> Well, the problems there would be (a) I don't have a vlan-capable
> switch,

Well, it's possible that such a switch could come cheaper than a
quad-port card.  (If you can live without any GigE ports, you may even
find one for the carrying away.)  Of course, it comes with other costs,
such as a power feed and physical space; how relevant those are would
be things you'd have to think about when considering the possibility.

> (b) as far as I know pf cannot reflect a packet back out on the same
> interface it came in on,

As far as pf is concerned, they wouldn't be; pf would be operating on
the vlan (pseudo-)interfaces, not the underlying interface.  At least,
unless your OS is something extraordinarily funky.  While you don't
quite say what you're running, the implication that it's OpenBSD is
pretty strong, and, while I don't run Open myself, I think that's how
vlans work for them.

> and (c) I can't quite see how that would work for a firewall.

Same as for any other machine: you bring up the vlan interfaces, then
forget you even _have_ the underlying fxp or whatever it is - you just
route and/or filter and/or whatever between vlan0 and vlan1 and vlan2
same as you would between fxp0 and fxp1 and fxp2.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
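
The setup described in the message above, written out as a pf ruleset. This is an added example, not part of the original message. It assumes OpenBSD pf (4.7 or later syntax) and that vlan0, vlan1 and vlan2 already exist on the trunked fxp0; their roles (uplink, LAN, DMZ) and the port numbers are constructed for illustration.

```pf
# /etc/pf.conf -- constructed example: one trunked NIC, three VLANs.
# Assumed roles: vlan0 = uplink, vlan1 = LAN, vlan2 = DMZ.
ext_if = "vlan0"
lan_if = "vlan1"
dmz_if = "vlan2"

set skip on lo

# Default deny. No rule below names fxp0: filtering is done on the vlan
# pseudo-interfaces, so the parent needs no pass rule and anything
# evaluated directly on it falls through to this block.
block log all

# Drop packets claiming a LAN or DMZ source address that arrive on any
# other interface. This is what keeps the VLANs separated at layer 3.
antispoof quick for { $lan_if $dmz_if }

# NAT internal networks behind the uplink address.
match out on $ext_if inet from { $lan_if:network $dmz_if:network } nat-to ($ext_if)

# LAN hosts may open connections anywhere; DMZ hosts anywhere except the LAN.
pass in on $lan_if inet from $lan_if:network to any
pass in on $dmz_if inet from $dmz_if:network to ! $lan_if:network

# Outbound side: anything admitted above may leave via the uplink, but only
# web traffic from the LAN may leave towards the DMZ.
pass out on $ext_if inet from any to any
pass out on $dmz_if inet proto tcp from $lan_if:network to $dmz_if:network port { 80 443 }
```

The ruleset reads exactly as it would with three physical NICs; only the interface names differ.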


