This is a discussion on Three physical interfaces, two bridges? within the mailing.openbsd.tech forums, part of the OpenBSD category.
Hypothetical (soon to be real) situation: I've got two incoming connections to the outside world. I want to stick a bridge (actually two machines... pfsync'd and carp'd together) between those connections and my DMZ, and two firewall machines (again, carp'd and pfsync'd) between the DMZ and the rest of my network (actually, two separated networks, but no matter). The thing is, my picture of all this is getting pretty complicated, and to make matters even more exciting, I have neither the hardware nor the connections yet to play with to make sure it works. So I'm hoping someone will read this and a) pat me on the back and say, "Yes, don't worry... it all looks fine. Maybe the work of a raving lunatic, but fine nonetheless...", or b) say "Sweet Fancy Moses you'd have to be crazy to try that, but here's an alternative that might work".

My internal firewalls I'm not worried about. They're pretty normal. It's the external machines that scare me. I want them to do a lot: 1) back each other up so one can die and all is still well, 2) handle both incoming connections, 3) pay attention to whether or not the "main" connection is working, and route everything through the alternate if the main one goes down. Add to that the fact that both connections will probably give me a /26 or /28 set of public IPs, and I want my DMZ hosts to respond on both, and it gets complicated enough that I'm not sure I'm doing things right.

So the plan (finally): Give each bridge 5 interfaces. fxp0 (or sis0, or whatever) and fxp1 will act as a bridge for the main line, fxp2 and fxp3 will act as a bridge for the secondary line, and fxp4 will be for pfsync. Each machine in the DMZ will have two IPs on one interface -- one IP on the main line's subnet, and another on the backup line's net. The two incoming lines from the bridge will plug into the same switch, into which I'll also put all the DMZ hosts and the internal firewall. Does this sound like a really bad idea? Is there a nicer way?

And how can I do something like dead gateway detection on the bridges, anyway? I've written Perl scripts to ping devices somewhere in my ISP's network every minute or so and change routing table entries if it changes, but constantly pinging my ISP seems so inelegant.

Thanks for any advice or help that can be provided.

- Josh Tolley
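The five-interface layout from the post, written out as an added example in OpenBSD hostname.if(5) and pf.conf(5) syntax (this is editor-supplied illustration, not configuration from the poster or from the OpenBSD project). It assumes current ifconfig-based bridge syntax, the made-up public ranges 203.0.113.0/26 and 198.51.100.0/28, a made-up 10.255.255.0/30 sync link, and em0 as the DMZ host's port; the carp side of the pair is left out because the post does not say which addresses the bridges would share.

```conf
# /etc/hostname.fxp0 .. /etc/hostname.fxp3 (bridge member ports carry no address)
up

# /etc/hostname.bridge0 (main line: fxp0 faces the ISP, fxp1 faces the DMZ switch)
add fxp0
add fxp1
blocknonip fxp0
up

# /etc/hostname.bridge1 (secondary line: fxp2 faces the ISP, fxp3 faces the DMZ switch)
add fxp2
add fxp3
blocknonip fxp2
up

# /etc/hostname.fxp4 (dedicated back-to-back sync link; 10.255.255.0/30 is a made-up range)
inet 10.255.255.1 255.255.255.252

# /etc/hostname.pfsync0 (pfsync is unauthenticated, so it only ever travels over fxp4,
# never over the bridged ports that carry ISP or DMZ traffic)
up syncdev fxp4

# /etc/pf.conf fragment for each bridge box: filter on the member ports, not on bridgeN,
# and pin pfsync to fxp4 before any later pass rule can admit it elsewhere
set skip on lo
block all
pass quick on fxp4 proto pfsync
block quick proto pfsync
# outside -> DMZ, on either line, only to the published services
pass in on { fxp0 fxp2 } proto tcp to { 203.0.113.0/26 198.51.100.0/28 } port { 80 443 }
# DMZ -> outside, stateful
pass in on { fxp1 fxp3 }
pass out all

# /etc/hostname.em0 on a DMZ host: one port, one address on each ISP's subnet
inet 203.0.113.10 255.255.255.192
inet alias 198.51.100.10 255.255.255.240
```

With `block quick proto pfsync` placed ahead of the DMZ pass rule, a sync packet arriving on fxp1 or fxp3 is dropped even though that rule would otherwise pass it.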