From owner-freebsd-isp@FreeBSD.ORG Sat Jan 10 17:03:35 2004
Date: Sat, 10 Jan 2004 20:03:32 -0500
From: "Eric L. Howard"
To: freebsd-isp@freebsd.org
Subject: Re: Failover of FreeBSD firewall with ipfw/natd
Message-ID: <20040111010331.GA1754@outreachnetworks.com>
In-Reply-To: <018e01c3d798$0de66670$6401a8c0@mybox>

At a certain time, now past [Jan.10.2004-10:36:48AM -0600], dap99@i-55.com spake thusly:
> Apologies for the first empty post.
>
> I am running FreeBSD 4.8-REL with ipfw and natd. My firewall has a primary
> IP address and several other IP addresses aliased on the public interface.
> This firewall serves as a gateway and performs NAT for a set of servers
> offering web, email, and HTTPS. We have two machines that can serve as the
> firewall: One is the primary firewall, and the second can be brought up
> manually as the firewall in case of a failure of the first machine.
>
> I would like to automate the process of failover for the firewall.

This has come up in the past...did you check the archives?

[admin@zechariah ports]$ make search key=freevrrp
Port:   freevrrpd-0.8.7
Path:   /usr/ports/net/freevrrpd
Info:   This a VRRP RFC2338 Compliant implementation under FreeBSD
Maint:  spe@bsdfr.org
Index:  net
B-deps:
R-deps:

[admin@zechariah freevrrpd]$ less pkg-descr
freevrrpd is a VRRP (Virtual Router Redundancy Protocol) implementation
daemon under FreeBSD. freevrrpd is part of the High UpTime project. This
daemon has been rewritten from scratch and is not based on existing
projects.

In this second public release, you can find:

* A daemon RFC 2338 Compliant adapted on FreeBSD systems
* Implementation of Virtual Adresses
* Support for multiples VRID
* Master announce state by sending multicast packets via BPF
* Changing routes and IP in 3 seconds
* Doing gratuitous ARP requests to clean the cache of all hosts
* Election between different slave servers
* Same host can be Slave and Master at the same time
* Automatic Downgrade to Slave if a Master is up again
* Anti-Address Conflict system
* Multi-threaded vrrp daemon
* Plain text password authentication
* Using now only one BPF device for all VRID
* Support netmask for Virtual IP addresses
* Support for monitored circuit and dependances between VRIDs

WWW: http://www.bsdshell.net/

I don't use ipfw or natd...so I can't comment on that portion...but
again..it's come up in the past...check the archives for -isp, -security and
-ipfw.

        ~elh

-- 
Eric L. Howard           e l h @ o u t r e a c h n e t w o r k s . c o m
------------------------------------------------------------------------
www.OutreachNetworks.com                                    313.297.9900
------------------------------------------------------------------------
JabberID: elh@jabber.org                 Advocate of the Theocratic Rule