Date:      Thu, 04 Oct 2001 22:12:10 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        Sean Lutner <sean@rentul.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: HA/Failover options
Message-ID:  <5.1.0.14.0.20011004220840.04858b48@192.168.0.12>
In-Reply-To: <20011004220637.B525@rentul.net>


What do you have behind the firewall? Are all the boxes capable of any 
sort of dynamic routing?  Using OSPF for example, you could have your 2 
boxes advertising the default gateway, one with a more attractive cost than 
the other. Even Win2K has OSPF capabilities. It might be an easier way to go.

         ---Mike

At 10:06 PM 10/4/2001 -0400, Sean Lutner wrote:
>Hello...
>I've recently been tasked with coming up with a redundant/failover 
>firewall solution to replace our managed firewalls. The goal is to have 
>more control, and spend less money. So, after some research I decided 
>FreeBSD with ipfw and vrrp would do the trick. I set out to install and 
>configure everything. I noticed when trying to install vrrp from ports 
>that it's been tagged forbidden, and confirmed this after searching the 
>-security archives. The problem I'm running into is this. I grabbed the 
>code that /usr/ports/net/vrrp would have, and built it, but the 
>implementation has some problems. Once failed over (slave taking over for 
>master), it does not fail back without intervention. If you down an 
>interface with a vrid on it, somehow the vip stays in the interface 
>causing problems. My basic question is this. Is there anyone else out 
>there running redundant/failover firewalls using freebsd? If so, what are 
>you running? I found one other piece of software at http://linux-ha.org 
>that said would build on freebsd, but no such luck. If anyone has any 
>ideas, pointers, products, or thwaps in the right direction, I'd 
>appreciate them.
>
>Thanks
>
>Sean
>
>--
>Sean Lutner               | www: http://www.rentul.net
>e-mail: sean@rentul.net   | gpg: http://www.rentul.net/sean.sig
>
>"Imagination is more important than knowledge." -- Albert Einstein
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike

