Date:      Wed, 26 Mar 2003 18:31:56 -0500 (EST)
From:      "Michael Richards" <michael@fastmail.ca>
To:        elliot@cs.montana.edu
Cc:        freebsd-security@freebsd.org
Subject:   Re: Multiple Firewalls with ipfilter?
Message-ID:  <3E82386C.000003.20487@ns.interchange.ca>


The problem here is really 2 pronged:
1) I need some means of realising that the firewall just died and 
transparently switching over to the backup or load balancing the two 
so if one dies the other takes up the slack.

2) I need a means of syncing the state info so existing connections 
won't be torn down if they end up going through the other firewall.

Sounds like a solution people would normally pay an obscene amount of 
money for but I'd be surprised if there isn't a way to do this. Maybe 
something with routing could do the balancing...

-Michael

>> -SNIP
>> The security issue here lies in that the 2 firewalls can't talk
>> to each other. So if I'm keeping state on a connection then the
>> second firewall has to know about that connection otherwise it
>> will close if that firewall dies.
>> 
> what do you mean, can't talk to each other?
> /usr/src/ports/net/freevrrpd/ might help you a little, but not
> state awareness



