Date: Wed, 19 Dec 2001 10:34:50 -0800
From: Tim Priebe <tim@ke.uu.net>
To: Fabrizio Ravazzini <freefabri@yahoo.it>, freebsd-cluster@freebsd.org
Cc: freebsd-isp@freebsd.org
Subject: Re: Bridge/Firewall cluster?
Message-ID: <5.1.0.14.0.20011219102837.0244c980@pop.uunet.co.ke>
In-Reply-To: <20011217083812.63311.qmail@web20108.mail.yahoo.com>

The problem with this is it would duplicate packets. My solution to this was to not use bridging, but to route through the firewall, using dynamic routing. As long as everything in the DMZ can understand some routing protocol you will be fine. The Cisco advertises default to the two firewalls, and the firewalls redistribute learned and directly connected routes. You can limit which hosts you learn routes from in your firewall rules, depending on the protocol used.

Tim.

At 09:38 AM 12/17/01 +0100, Fabrizio Ravazzini wrote:
>Hello all, I've done a bridge/firewall to connect a dmz
>to Internet, this is the scheme:
>
>          Internet
>             |
>             |
>        Router cisco
>             |
>             | rl0
>       Fbsd bridge/FW
>             | rl1
>             |
>            DMZ
>
>The public ip of the cisco is like 200.20.20.1
>Then rl0 200.20.20.3.
>I want to make this bridge highly available by putting in
>another freebsd bridge machine so that if one goes
>down there is the other and the dmz is still
>available.
>Can I put another Fbsd bridge between the cisco and
>the dmz like this scheme:
>
>          Internet
>             |
>             |
>        Router cisco
>             |
>             |________________
>             | rl0            |
>           Fbsd               |ed0
>         bridge/FW           Fbsd
>             | rl1         Bridge/FW
>             |________________|
>             |
>            DMZ
>
>For example ed0 could be 200.20.20.5, perhaps it is a
>stupid question, but can it work?
>Or are there other solutions?
>Any help would be appreciated.
>Bye
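
One way to apply the reply's last point (limiting which hosts a firewall learns routes from), as an added example that is not part of the original message. It assumes the routing protocol is RIP (UDP port 520), which the thread does not specify; the rule numbers and the helper names `valid_ip` and `rip_rules` are hypothetical, and the addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: emit ipfw(8) commands so that a routed firewall accepts
# RIP updates (UDP 520 -> 520) only from named neighbours and drops the rest.
# Assumptions: RIP is the protocol in use; rule numbers start at 1000.

# valid_ip ADDR -> exit status 0 if ADDR is a well-formed dotted-quad IPv4 address
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rip_rules IFACE NEIGHBOUR... -> prints one ipfw command per line
rip_rules() {
    iface=$1; shift
    num=1000
    for peer in "$@"; do
        valid_ip "$peer" || { echo "bad neighbour address: $peer" >&2; return 1; }
        # Route-bearing RIP responses are sent from port 520 to port 520.
        echo "ipfw add $num allow udp from $peer 520 to any 520 in via $iface"
        num=$((num + 10))
    done
    # Any other host speaking RIP on this interface is dropped and logged,
    # so it cannot inject routes into the firewall's table.
    echo "ipfw add $num deny log udp from any to any 520 in via $iface"
}

# Outside interface (rl0) of the first firewall: learn routes only from the
# Cisco (200.20.20.1) and the second firewall (200.20.20.5).
rip_rules rl0 200.20.20.1 200.20.20.5
```

The same function would be run again for the DMZ-side interface with the list of DMZ hosts that are allowed to announce routes.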