From owner-freebsd-questions  Mon Jan  7 14:10:22 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from lists.unixathome.org (lists.unixathome.org [210.48.103.158])
	by hub.freebsd.org (Postfix) with ESMTP id 9261237B402
	for <freebsd-questions@freebsd.org>; Mon,  7 Jan 2002 14:10:11 -0800 (PST)
Received: from wocker (lists.unixathome.org [210.48.103.158])
	by lists.unixathome.org (8.11.6/8.11.6) with ESMTP id g07MA2C64667;
	Tue, 8 Jan 2002 11:10:04 +1300 (NZDT)
	(envelope-from dan@langille.org)
From: "Dan Langille" <dan@langille.org>
Organization: novice in training
To: freebsd-questions@freebsd.org
Date: Mon, 7 Jan 2002 17:09:39 -0500
MIME-Version: 1.0
Subject: cable to DSL - modify gw or create new?
Reply-To: dan@langille.org
Cc: dan@langille.org
Message-ID: <3C39D653.4567.42874AB1@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I'm about to swap from cable to DSL.  I won't be dropping cable until I 
have DSL working reliably.  I have a choice.  I can either modify my 
existing firewall, or create a new one. 

If I create a new gateway, the process is pretty straight forward.  I 
just replicate what is on my existing firewall.  To migrate to DSL, just 
change the default route on each of my internal boxes. 

If I modify my existing gateway, I'll pop in a third NIC and create some 
new ipf groups and rules.  As I migrate from cable to DSL I'll just 
modify my routing table to move more and more outgoing traffic over to 
DSL.  Eventually no traffic will be going out over cable.  That's when I 
can disconnect the cable, remove the references to that NIC from my ipf 
rules, and go on. 

Which choice would you make and why? 
-- 
Dan Langille
The FreeBSD Diary - http://freebsddiary.org/ - practical examples


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message