Date: Sun, 11 Jan 2004 22:32:53 +0100
From: Martin Jessa
To: freebsd-isp@freebsd.org
Subject: Re: Failover of FreeBSD firewall with ipfw/natd
Message-Id: <20040111223253.69191b5c.freebsd@yazzy.org>
In-Reply-To: <20040111010331.GA1754@outreachnetworks.com>

Hi.
This may help:
http://www.ezunix.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=69&page=1

On Sat, 10 Jan 2004 20:03:32 -0500
"Eric L. Howard" wrote:

> At a certain time, now past [Jan.10.2004-10:36:48AM -0600], dap99@i-55.com spake thusly:
> > Apologies for the first empty post.
> >
> > I am running FreeBSD 4.8-REL with ipfw and natd. My firewall has a primary
> > IP address and several other IP addresses aliased on the public interface.
> > This firewall serves as a gateway and performs NAT for a set of servers
> > offering web, email, and HTTPS. We have two machines that can serve as the
> > firewall: One is the primary firewall, and the second can be brought up
> > manually as the firewall in case of a failure of the first machine.
> >
> > I would like to automate the process of failover for the firewall.
>
> This has come up in the past...did you check the archives?
>
> [admin@zechariah ports]$ make search key=freevrrp
> Port: freevrrpd-0.8.7
> Path: /usr/ports/net/freevrrpd
> Info: This a VRRP RFC2338 Compliant implementation under FreeBSD
> Maint: spe@bsdfr.org
> Index: net
> B-deps:
> R-deps:
>
> [admin@zechariah freevrrpd]$ less pkg-descr
> freevrrpd is a VRRP (Virtual Router Redundancy Protocol) implementation
> daemon under FreeBSD. freevrrpd is part of the High UpTime project.
> This daemon has been rewritten from scratch and is not based on
> existing projects. In this second public release, you can find:
>
> * A daemon RFC 2338 Compliant adapted on FreeBSD systems
> * Implementation of Virtual Adresses
> * Support for multiples VRID
> * Master announce state by sending multicast packets via BPF
> * Changing routes and IP in 3 seconds
> * Doing gratuitous ARP requests to clean the cache of all hosts
> * Election between different slave servers
> * Same host can be Slave and Master at the same time
> * Automatic Downgrade to Slave if a Master is up again
> * Anti-Address Conflict system
> * Multi-threaded vrrp daemon
> * Plain text password authentication
> * Using now only one BPF device for all VRID
> * Support netmask for Virtual IP addresses
> * Support for monitored circuit and dependances between VRIDs
>
> WWW: http://www.bsdshell.net/
>
> I don't use ipfw or natd...so I can't comment on that portion...but
> again..it's come up in the past...check the archives for -isp, -security and
> -ipfw.
>
> ~elh
>
> --
> Eric L. Howard e l h @ o u t r e a c h n e t w o r k s . c o m
> ------------------------------------------------------------------------
> www.OutreachNetworks.com 313.297.9900
> ------------------------------------------------------------------------
> JabberID: elh@jabber.org Advocate of the Theocratic Rule