Date:      Sat, 10 Jan 2004 20:03:32 -0500
From:      "Eric L. Howard" <elh@outreachnetworks.com>
To:        freebsd-isp@freebsd.org
Subject:   Re: Failover of FreeBSD firewall with ipfw/natd
Message-ID:  <20040111010331.GA1754@outreachnetworks.com>
In-Reply-To: <018e01c3d798$0de66670$6401a8c0@mybox>
References:  <018e01c3d798$0de66670$6401a8c0@mybox>

At a certain time, now past [Jan.10.2004-10:36:48AM -0600], dap99@i-55.com spake thusly:
> Apologies for the first empty post.
> 
> I am running FreeBSD 4.8-REL with ipfw and natd. My firewall has a primary
> IP address and several other IP addresses aliased on the public interface.
> This firewall serves as a gateway and performs NAT for a set of servers
> offering web, email, and HTTPS. We have two machines that can serve as the
> firewall: One is the primary firewall, and the second can be brought up
> manually as the firewall in case of a failure of the first machine.
> 
> I would like to automate the process of failover for the firewall.

This has come up in the past...did you check the archives?

[admin@zechariah ports]$ make search key=freevrrp
Port:   freevrrpd-0.8.7
Path:   /usr/ports/net/freevrrpd
Info:   This a VRRP RFC2338 Compliant implementation under FreeBSD
Maint:  spe@bsdfr.org
Index:  net
B-deps: 
R-deps: 

[admin@zechariah freevrrpd]$ less pkg-descr 
freevrrpd is a VRRP (Virtual Router Redundancy Protocol) implementation
daemon under FreeBSD.  freevrrpd is part of the High UpTime project.
This daemon has been rewritten from scratch and is not based on
existing projects.  In this second public release, you can find:

       * A daemon RFC 2338 Compliant adapted on FreeBSD systems
       * Implementation of Virtual Adresses
       * Support for multiples VRID
       * Master announce state by sending multicast packets via BPF
       * Changing routes and IP in 3 seconds
       * Doing gratuitous ARP requests to clean the cache of all hosts
       * Election between different slave servers
       * Same host can be Slave and Master at the same time
       * Automatic Downgrade to Slave if a Master is up again
       * Anti-Address Conflict system
       * Multi-threaded vrrp daemon
       * Plain text password authentication
       * Using now only one BPF device for all VRID
       * Support netmask for Virtual IP addresses
       * Support for monitored circuit and dependances between VRIDs

WWW: http://www.bsdshell.net/

I don't use ipfw or natd...so I can't comment on that portion...but
again..it's come up in the past...check the archives for -isp, -security and
-ipfw.

       ~elh

-- 
Eric L. Howard           e l h @ o u t r e a c h n e t w o r k s . c o m
------------------------------------------------------------------------
www.OutreachNetworks.com                                    313.297.9900
------------------------------------------------------------------------
JabberID: elh@jabber.org                 Advocate of the Theocratic Rule


