Best Instalation for single wan network + farm server

amartini

Hey guys!

I am working with a new client that has a really mess up configuration.

He doesnt have a firewall on his network, he has all his public network configured as front end network on his servers.

Now he wants to do something like that:

datacenter switch
        l          l
        l          l
      pfs01–-pfs02
        l          l
        l          l
      local switch
        l          l
        l          l
      F. End      B. End

He want to use the pfsense to protect his farm server (with public address), and also the wan with public address.

On my mind, this is going to use 6 public address just to configure the pfsenses (2 for the WANs, 2 for the LANs, 2 for CARPs).

Is there another way to do this without using that much of public IP?

johnpoz

why would his servers need public once you put behind pfsense.. Just port forward the ports he needs.. If needs a lot of them just do a 1:1 nat.

cistech

And BTW, CARP can't be used with private IPs? or is necessary to use public IPs?

KOM

Of course you can use CARP with private IPs or you would never get a HA config working.