Date: Wed, 26 Mar 2003 16:37:21 -0500
From: Eric L Howard <elh@outreachnetworks.com>
To: freebsd-security@freebsd.org
Subject: Re: Multiple Firewalls with ipfilter?
Message-ID: <20030326213721.GB524@outreachnetworks.com>
In-Reply-To: <3E82142E.000017.64676@ns.interchange.ca>
References: <3E82142E.000017.64676@ns.interchange.ca>

At a certain time, now past [Wed, Mar 26, 2003 at 03:57:18PM -0500], Michael Richards spake thusly:
> We're supposed to provide redundant firewall service. I'm wondering
> if anyone has ever tried to do this and if it's realistic. Basically
> 2 firewall machines hooked up so if one fails the other will
> transparently step in. I've googled it to death without much luck.
>
> The security issue here lies in that the 2 firewalls can't talk to
> each other. So if I'm keeping state on a connection then the second
> firewall has to know about that connection otherwise it will close if
> that firewall dies.

[admin@zechariah ports]# make search key=freevrrpd
Port:   freevrrpd-0.8.4_1
Path:   /usr/ports/net/freevrrpd
Info:   This a VRRP RFC2338 Compliant implementation under FreeBSD
Maint:  spe@bsdfr.org
Index:  net
B-deps:
R-deps:

http://redundancy.redundancy.org/fbsd_lb.html

Though I've used VRRP quite a bit, I have not used the freevrrpd
implementation.

~elh

--
Eric L. Howard           e l h @ o u t r e a c h n e t w o r k s . c o m
------------------------------------------------------------------------
www.OutreachNetworks.com                                    313.297.9900
------------------------------------------------------------------------
JabberID: elh@jabber.org                 Advocate of the Theocratic Rule