From owner-freebsd-isp  Sat Jul  8  2:21:45 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.lawforum.co.za (ns3.dataweb.co.za [196.25.141.38])
	by hub.freebsd.org (Postfix) with ESMTP id 27E4037B579
	for <isp@freebsd.org>; Sat,  8 Jul 2000 02:21:41 -0700 (PDT)
	(envelope-from rip@pinetec.co.za)
Received: from rip by mail.lawforum.co.za with local (Exim 3.02 #1)
	id 13AqsA-00048R-00; Sat, 08 Jul 2000 11:26:06 +0200
Date: Sat, 8 Jul 2000 11:26:06 +0200
From: "R.I.Pienaar" <rip@pinetec.co.za>
To: Gabriel Ambuehl <gabriel_ambuehl@buz.ch>
Cc: Jason Fesler <jfesler@gigo.com>,
	Luigi Rizzo <luigi@info.iet.unipi.it>,
	Chris Shenton <cshenton@uucom.com>, Alan Batie <batie@rdrop.com>,
	isp@FreeBSD.ORG
Subject: Re: load balancing
Message-ID: <20000708112606.G10253@pinetec.co.za>
References: <Pine.BSF.4.21.0007070948320.69269-100000@heaven.gigo.com> <11591545084.20000707190001@buz.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <11591545084.20000707190001@buz.ch>; from gabriel_ambuehl@buz.ch on Fri, Jul 07, 2000 at 07:00:01PM +0200
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> What if it's pingable, but ssh failed? And how do you solve the
> problems of needing root access to kill the alias? I don't want to
> supply an attacker with the root passwords for the another box if he
> cracks one of a pair... RSA authentication isn't better for that
> matter.

you can have it behind a nat box, that monitors the services, the moment
anything stop working, you just rewrite its real ip to another box and
everything fails over.

this ofcource leave you with a nat box again to failover.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message