Date:      Wed, 19 Dec 2001 10:34:50 -0800
From:      Tim Priebe <tim@ke.uu.net>
To:        Fabrizio Ravazzini <freefabri@yahoo.it>, freebsd-cluster@freebsd.org
Cc:        freebsd-isp@freebsd.org
Subject:   Re: Bridge/Firewall cluster?
Message-ID:  <5.1.0.14.0.20011219102837.0244c980@pop.uunet.co.ke>
In-Reply-To: <20011217083812.63311.qmail@web20108.mail.yahoo.com>

The problem with this is it would duplicate packets. My solution to this
was to not use bridging, but to route through the firewall, using dynamic
routing. As long as everything in the DMZ can understand some routing
protocol you will be fine. The Cisco advertises default to the two
firewalls, and the firewalls redistribute learned and directly connected
routes. You can limit which hosts you learn routes from in your firewall
rules, depending on the protocol used.

Tim.

At 09:38 AM 12/17/01 +0100, Fabrizio Ravazzini wrote:
>Hello all, I've built a bridge/firewall to connect a DMZ
>to the Internet; this is the scheme:
>
>              Internet
>                |
>                |
>              Router cisco
>                |
>                | rl0
>             Fbsd bridge/FW
>                | rl1
>                |
>               DMZ
>
>The public IP of the Cisco is something like 200.20.20.1,
>and rl0 is 200.20.20.3.
>I want to make this bridge highly available by putting in
>another FreeBSD bridge machine, so that if one goes
>down there is the other and the DMZ is still
>available.
>Can I put another FreeBSD bridge between the Cisco and
>the DMZ, like in this scheme:
>
>
>              Internet
>                |
>                |
>              Router cisco
>                |
>                |________________
>                | rl0            |
>               Fbsd              |ed0
>             bridge/FW          Fbsd
>                | rl1           Bridge/FW
>                |________________|
>                |
>               DMZ
>
>For example ed0 could be 200.20.20.5. Perhaps this is a
>stupid question, but can it work?
>Or are there other solutions?
>Any help would be appreciated.
>Bye
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message


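Added example, not part of the thread and not Tim's or FreeBSD's own code: one way to do what Tim describes in the last sentence of his reply, limiting in the firewall rules which hosts the routing daemon on the firewall is allowed to learn routes from. The Cisco address 200.20.20.1, the rl0 address 200.20.20.3 and the interfaces rl0/rl1 are from the thread; the choice of OSPF as the routing protocol and the two DMZ hosts (192.0.2.10 and 192.0.2.11, documentation addresses) trusted to send routing updates are assumptions. The function prints "ipfw add" commands rather than applying them, so the ruleset can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread, not FreeBSD's code): ipfw rules that
# accept routing-protocol traffic only from the expected neighbour on each
# side of a routing (not bridging) firewall.
#
# From the thread: the Cisco is 200.20.20.1, the firewall's outside
# interface rl0 is 200.20.20.3, and rl1 faces the DMZ.
# Assumptions (not in the thread): OSPF is the routing protocol, and only
# two DMZ hosts (192.0.2.10, 192.0.2.11) are trusted to send OSPF.

OUTSIDE_IF="rl0"
INSIDE_IF="rl1"
CISCO="200.20.20.1"
DMZ_ROUTERS="192.0.2.10 192.0.2.11"

# Print the rules as "ipfw add" commands so they can be reviewed first and
# then applied with:  routing_rules | sh
routing_rules() {
    n=1000
    # Outside: OSPF (IP protocol 89) only from the Cisco. It announces the
    # default route; nothing else on the outside should feed us routes.
    echo "ipfw add $n allow ospf from $CISCO to any in via $OUTSIDE_IF"
    n=$((n + 10))
    # Inside: OSPF only from the DMZ hosts expected to advertise routes.
    for h in $DMZ_ROUTERS; do
        echo "ipfw add $n allow ospf from $h to any in via $INSIDE_IF"
        n=$((n + 10))
    done
    # The firewall's own OSPF hellos and updates, out of either interface.
    echo "ipfw add $n allow ospf from me to any out"
    n=$((n + 10))
    # Anything else claiming to be OSPF, or RIP (udp/520), is dropped and
    # logged, so an unexpected host cannot inject a route through the firewall.
    echo "ipfw add $n deny log ospf from any to any"
    n=$((n + 10))
    echo "ipfw add $n deny log udp from any to any 520"
    # The ordinary DMZ traffic policy follows after these rules.
}

routing_rules
```

The allows are listed before the catch-all denies because ipfw stops at the first matching rule; a host in the DMZ that is not in the trusted list still gets its OSPF packets dropped by rule 1040, and the log entries show who tried.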




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20011219102837.0244c980>