New install, Multi Wan ips/ CARP and transparent bridging.. What to do?



  • This is my first time posting. I have read over this forum for a couple of days but can't find exact answers for the installation I am attempting.

    I have already built 2 installs of pfSense as tests and have basic functionality, NAT, etc. working.

    What I want to do for my permanent install is as follows.

    I have a DSL+ line with 10 static public ips,
    I have an SDSL line with 10 static public ips.
    I have 4 interfaces in my firewall at my disposal.
    I have a cluster of 8 H-Sphere web servers running with NAT behind my current Smoothwall Firewall.
    I wish to replace Smoothwall with pfSense and change my web server cluster from NAT to public IPs.
    I then wish to convert my Smoothwall firewall to a second pfSense firewall for failover / load balancing.
    I understand that I have to put the pfSense firewall into transparent mode and bridge it with the WAN interface to route the 10 public IPs from my SDSL line to my internal web servers.

    Of the 4 interfaces in my pfSense firewall I plan to set it up as follows:

    if1: Wan
    if2: Lan (management)
    if3: WebServers (bridged with wan)
    if4: CARP interface for failover / loadbalancing.

    My questions are:
    Is it possible to have CARP failover between 2 firewalls if they are both operating in bridged mode between wan and opt1 interfaces?
    Is it possible to loadbalance between 2 firewalls if they are both operating in bridged mode between wan and opt1 interfaces?
    Do I have to assign my 10 virtual ips to my pfSense if I am not using NAT?
    Am I to use the rules options under Firewall to control traffic from the wan to the webservers?
    Is it possible to forward, let's say, port 80 on the WAN to port 8080 on a web server when in bridged mode?
    Where do I start with all this?

    Any help / advice / criticism is welcomed.

