From owner-freebsd-security Sat Jan 20 4:59:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.polytechnic.edu.na (mail.polytechnic.edu.na [196.31.225.2])
	by hub.freebsd.org (Postfix) with ESMTP id B915D37B400
	for ; Sat, 20 Jan 2001 04:58:53 -0800 (PST)
Received: from ns1.horizon.na ([196.31.225.199] helo=polytechnic.edu.na)
	by mail.polytechnic.edu.na with esmtp (Exim 3.02 #2)
	id 14K0Q5-0005z2-00; Sat, 20 Jan 2001 13:59:13 -0200
Message-ID: <3A698B84.8BF22034@polytechnic.edu.na>
Date: Sat, 20 Jan 2001 14:58:44 +0200
From: Tim Priebe
Reply-To: tim@iafrica.com.na
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Sean Lutner
Cc: freebsd-security@freebsd.org
Subject: Re: Failover firewalls with ipfw?
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sean Lutner wrote:
>
> I'm currently doing some research into firewalls, and which one(s) would
> be right for my network. I'm considering everything from Checkpoint-1, to
> Cisco Pix, to ipchains, to ipfw on FreeBSD. My question is this. Does
> anyone out there know of any utilities/code/addons I could use to
> implement a failover pair of firewalls using ipfw and fbsd? Ideally I'd
> like to do stateful failover, but having two machines always on and a
> heartbeat solution might work as well. If anyone can offer some pointers,
> it would be much appreciated.

My approach to this problem is to use a pair of FreeBSD boxes running
ipfw as firewalls, and dynamic routing to handle the fail over. I am
running stateless rules, as I have not had time to look into writing the
code to get them to exchange state information.

Tim.