DaemonForums  

Go Back   DaemonForums > Other Operating Systems > Other BSD and UNIX/UNIX-like

Other BSD and UNIX/UNIX-like Any other flavour of BSD or UNIX that does not have a section of its own.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 16th June 2008
revzalot's Avatar
revzalot revzalot is offline
Shell Scout
 
Join Date: May 2008
Posts: 123
Default iptables fw redundancy

Anyone have a good how to on this using two linux machines with iptables?
Reply With Quote
  #2   (View Single Post)  
Old 17th June 2008
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 696
Default

You could hack something together using heartbeat (for failover), freevrrp (for sharing common IPs), and drbd (to replicate a block device between the two hosts). But (AFAIK) you won't be able to save/failover state between the two. You'll either have to use non-stateful rules, or put up with the possibility of dropping any existing connections during the fail-over.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
  #3   (View Single Post)  
Old 17th June 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Default

Thanks phoenix, your post saves me. I was looking forward to building something similar. I'll post any updates I have here.
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
  #4   (View Single Post)  
Old 17th June 2008
revzalot's Avatar
revzalot revzalot is offline
Shell Scout
 
Join Date: May 2008
Posts: 123
Default

Thanks buddy. Looks like OpenBSD/CARP is the ideal setup for fw redundancy.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
first match vs last match ruleset design (pf vs iptables) zelut FreeBSD Security 5 12th July 2009 08:13 AM
pfsync+carp+wifi firewall redundancy inquiry revzalot OpenBSD Security 1 18th May 2009 03:06 PM
spoofing with iptables dk_netsvil General software and network 6 29th October 2008 08:22 PM


All times are GMT. The time now is 11:44 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick