Date:      Thu, 4 Oct 2001 22:52:24 -0700
From:      Sean Chittenden <sean@chittenden.org>
To:        Sean Lutner <sean@rentul.net>
Cc:        Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: HA/Failover options
Message-ID:  <20011004225224.A98030@rand.tgd.net>
In-Reply-To: <20011004224248.C525@rentul.net>; from "sean@rentul.net" on Thu, Oct 04, 2001 at 10:42:48PM
References:  <20011004220637.B525@rentul.net> <5.1.0.14.0.20011004220840.04858b48@192.168.0.12> <20011004224248.C525@rentul.net>

Few things:

1)  ipfilter 4 is supposed to do this, but isn't out yet
2)  Wackamole will handle the failover of a virtual IP.

http://www.backhand.org/wackamole/

	You could use that with ipfilter/ipfw and you'd be pretty good 
to go.  If you used a state table on either you'd lose your established 
connections, but you'd at least be redundant.  How's that sound?  -sc

> > At 10:06 PM 10/4/2001 -0400, Sean Lutner wrote:
> > >Hello...
> > >I've recently been tasked with coming up with a redundant/failover 
> > >firewall solution to replace our managed firewalls. The goal is to have 
> > >more control, and spend less money. So, after some research I decided 
> > >FreeBSD with ipfw and vrrp would do the trick. I set out to install and 
> > >configure everything. I noticed when trying to install vrrp from ports 
> > >that it's been tagged forbidden, and confirmed this after searching the 
> > >-security archives. The problem I'm running into is this. I grabbed the 
> > >code that /usr/ports/net/vrrp would have, and built it, but the 
> > >implementation has some problems. Once failed over (slave taking over for 
> > >master), it does not fail back without intervention. If you down an 
> > >interface with a vrid on it, somehow the vip stays in the interface 
> > >causing problems. My basic question is this. Is there anyone else out 
> > >there running redundant/failover firewalls using freebsd? If so, what are 
> > >you running? I found one other piece of software at http://linux-ha.org 
> > >that said would build on freebsd, but no such luck. If anyone has any 
> > > ideas, pointers, products, or thwaps in the right direction, I'd 
> > > appreciate them.
> > >
> > >Thanks
> > >
> > >Sean
> > >
> > >--
> > >Sean Lutner               | www: http://www.rentul.net
> > >e-mail: sean@rentul.net   | gpg: http://www.rentul.net/sean.sig
> > >
> > >"Imagination is more important than knowledge." -- Albert Einstein
> > >
> > >To Unsubscribe: send mail to majordomo@FreeBSD.org
> > >with "unsubscribe freebsd-security" in the body of the message
> > 
> > --------------------------------------------------------------------
> > Mike Tancsa,                          	          tel +1 519 651 3400
> > Sentex Communications,     			  mike@sentex.net
> > Providing Internet since 1994                    www.sentex.net
> > Cambridge, Ontario Canada			  www.sentex.net/mike
> > 
> > 
> 
> -- 
> Sean Lutner		  | www: http://www.rentul.net
> e-mail: sean@rentul.net   | gpg: http://www.rentul.net/sean.sig
> 
> "Imagination is more important than knowledge." -- Albert Einstein
> 

-- 
Sean Chittenden
