Transparent bridge performance with PF
I'm in the process of setting up a transparent bridge using PF but am having some problems determining which of the two bridged interfaces the filtering should occur on. The box has a total of three interfaces, one dedicated for management with the other two passing traffic through for users. Performance-wise, the interfaces are gig-connected Intel NICs serving a couple hundred users, but we wanted to implement some filtering to allow through only HTTP, HTTPS, etc. for guests. While it does work in its current state, I'm wondering if the inside interface was the best choice for the filtering to be conducted on, or if it would be better to be filtering on the external interface.
Ideas?