Date: Thu, 04 Oct 2001 22:12:10 -0400 From: Mike Tancsa <mike@sentex.net> To: Sean Lutner <sean@rentul.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: HA/Failover options Message-ID: <5.1.0.14.0.20011004220840.04858b48@192.168.0.12> In-Reply-To: <20011004220637.B525@rentul.net>
next in thread | previous in thread | raw e-mail | index | archive | help
What do you have behind the firewall ? Are all the boxes capable of any sort of dynamic routing ? Using OSPF for example, you could have your 2 boxes advertising the default gateway, one with a more attractive cost that the other. Even Win2K has OSPF capabilities. It might be an easier way to go. ---Mike At 10:06 PM 10/4/2001 -0400, Sean Lutner wrote: >Hello... >I've recently been tasked with coming up with a redundant/failover >firewall solution to replace our managed firewalls. The goal is to have >more control, and spen dless money. So, after some research I decided >FreeBSD with ipfw and vrrp would do the trick. I set out to in stall and >configure everything. I noticed when trying to install vrrp from ports >that it's been tagged forbidden, and confirmed this after searching the >-security archives. The problem I'm running into is this. I grabbed the >code that /usr/ports/net/vrrp would have, and built it, but the >implementation has some problems. Once failed over (slave taking over for >master), it does not fail back without intervention. If you down an >interface with a vrid on it, somehow the vip stays in the interface >causing problems. My basic question is this. Is there anyone else out >there running redundant/failover firewalls using freebsd? If so, what are >you running? I found one other piece of software at http://linux-ha.org th! > at said would build on freebsd, but no such luck. If anyone has any > ideas, pointers, products, or thwaps in the right direction, i'd > appreciate them. > >Thanks > >Sean > >-- >Sean Lutner | www: http://www.rentul.net >e-mail: sean@rentul.net | gpg: http://www.rentul.net/sean.sig > >"Imagination is more important than knowledge." -- Albert Einstein > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20011004220840.04858b48>