3 NICs: how should I divvy them up?
-
I have pfSense 1.2.3 on an ALIX 2d3 (500MHz and 256MB RAM). I've set up the following:
vr0: WAN
vr1: OPT1 (parent to VLAN 10 "workstations" and VLAN 20 "printers")
vr2: LAN (10.0.0.1/24)
According to the docs and the book, the DMZ should be assigned to a separate physical interface and switch fabric to mitigate against possible misconfiguration and/or "VLAN hopping".
Unfortunately I'm all out of ports. Should I use the LAN interface? Do I even need it? I could set up a small subnet as VLAN 30 called "admin" or something and only grant pfSense web access. Or maybe as the "default" VLAN 1 and have an access port on both switches for strictly pfSense GUI access and/or switch management?
Not sure the best use of my (limited) physical interfaces. Thanks.
-
Well you have to decide yourself if you really need the LAN interface.
You could also put the LAN on a VLAN on vr1 and have the DMZ alone on vr2.