Date: Wed, 19 Dec 2001 10:34:50 -0800
From: Tim Priebe <tim@ke.uu.net>
To: Fabrizio Ravazzini <freefabri@yahoo.it>, freebsd-cluster@freebsd.org
Cc: freebsd-isp@freebsd.org
Subject: Re: Bridge/Firewall cluster?
Message-ID: <5.1.0.14.0.20011219102837.0244c980@pop.uunet.co.ke>
In-Reply-To: <20011217083812.63311.qmail@web20108.mail.yahoo.com>

The problem with this is it would duplicate packets.

My solution to this was to not use bridging, but to route through the firewall, using dynamic routing. As long as everything in the DMZ can understand some routing protocol you will be fine. The Cisco advertises default to the two firewalls, and the firewalls redistribute learned and directly connected routes.

You can limit which hosts you learn routes from in your firewall rules, depending on the protocol used.

Tim.

At 09:38 AM 12/17/01 +0100, Fabrizio Ravazzini wrote:
>Hello all, I've done a bridge/firewall to connect a dmz
>to Internet, this is the scheme:
>
>           Internet
>              |
>              |
>         Router cisco
>              |
>              | rl0
>        Fbsd bridge/FW
>              | rl1
>              |
>             DMZ
>
>The public ip of the cisco is like 200.20.20.1
>Then rl0 200.20.20.3.
>I want to make this bridge highly available by putting in
>another freebsd bridge machine so that if one goes
>down there is the other and the dmz is still
>available.
>Can I put another Fbsd bridge between the cisco and
>the dmz like this scheme:
>
>           Internet
>              |
>              |
>         Router cisco
>              |
>              |________________
>              | rl0            |
>            Fbsd               |ed0
>          bridge/FW          Fbsd
>              | rl1        Bridge/FW
>              |________________|
>              |
>             DMZ
>
>For example ed0 could be 200.20.20.5, perhaps it is a
>stupid question, but can it work?
>Or are there other solutions?
>Any help would be appreciated.
>Bye

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
