Date: Thu, 02 May 2002 10:11:45 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: Bogdan TARU <bgd@icomag.de>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: network design
Message-ID: <3CD17351.893F80A3@mindspring.com>
References: <20020502180817.K22759-100000@fw.cgn.icom>

Bogdan TARU wrote:
> I have an unusual question, and hope I'll find the answer on this list. I
> would like to build a redundant structure of firewalls (2 of them), and I
> really don't have any idea on how to do that. What I would like is a
> scheme like:

[ ... picture ... ]

> But the real question is: how do I assign the same IP address to two
> interfaces connected to the same hub(s) or switch(es)? I guess this will
> provide the best redundancy. Any such software? If not, could you describe
> an alternative for it, or point me to some resources?

You want VRRP -- Virtual Router Redundancy Protocol.

This works best with gigabit ethernet cards, which support
multiple MAC addresses.

Do a net search on:

    FreeBSD VRRP

Unfortunately, the FreeBSD ethernet interface isn't terribly
smart. Ideally, it would provide a virtual interface per VIP,
all the way down to the card; it doesn't. The typical solution
used is to blatantly kludge the multicast mask in the hardware,
and then that leaves the card in a half-baked "half promiscuous"
mode.

-- Terry