Date: Sun, 11 Jan 2004 22:32:53 +0100
From: Martin Jessa <freebsd@yazzy.org>
To: freebsd-isp@freebsd.org
Subject: Re: Failover of FreeBSD firewall with ipfw/natd
Message-ID: <20040111223253.69191b5c.freebsd@yazzy.org>
In-Reply-To: <20040111010331.GA1754@outreachnetworks.com>
References: <018e01c3d798$0de66670$6401a8c0@mybox> <20040111010331.GA1754@outreachnetworks.com>

Hi.
This may help:
http://www.ezunix.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=69&page=1

On Sat, 10 Jan 2004 20:03:32 -0500
"Eric L. Howard" <elh@outreachnetworks.com> wrote:

> At a certain time, now past [Jan.10.2004-10:36:48AM -0600], dap99@i-55.com spake thusly:
> > Apologies for the first empty post.
> >
> > I am running FreeBSD 4.8-REL with ipfw and natd. My firewall has a primary
> > IP address and several other IP addresses aliased on the public interface.
> > This firewall serves as a gateway and performs NAT for a set of servers
> > offering web, email, and HTTPS. We have two machines that can serve as the
> > firewall: One is the primary firewall, and the second can be brought up
> > manually as the firewall in case of a failure of the first machine.
> >
> > I would like to automate the process of failover for the firewall.
>
> This has come up in the past...did you check the archives?
>
> [admin@zechariah ports]$ make search key=freevrrp
> Port: freevrrpd-0.8.7
> Path: /usr/ports/net/freevrrpd
> Info: This a VRRP RFC2338 Compliant implementation under FreeBSD
> Maint: spe@bsdfr.org
> Index: net
> B-deps:
> R-deps:
>
> [admin@zechariah freevrrpd]$ less pkg-descr
> freevrrpd is a VRRP (Virtual Router Redundancy Protocol) implementation
> daemon under FreeBSD. freevrrpd is part of the High UpTime project.
> This daemon has been rewritten from scratch and is not based on
> existing projects.
>
> In this second public release, you can find:
>
> * A daemon RFC 2338 Compliant adapted on FreeBSD systems
> * Implementation of Virtual Adresses
> * Support for multiples VRID
> * Master announce state by sending multicast packets via BPF
> * Changing routes and IP in 3 seconds
> * Doing gratuitous ARP requests to clean the cache of all hosts
> * Election between different slave servers
> * Same host can be Slave and Master at the same time
> * Automatic Downgrade to Slave if a Master is up again
> * Anti-Address Conflict system
> * Multi-threaded vrrp daemon
> * Plain text password authentication
> * Using now only one BPF device for all VRID
> * Support netmask for Virtual IP addresses
> * Support for monitored circuit and dependances between VRIDs
>
> WWW: http://www.bsdshell.net/
>
> I don't use ipfw or natd...so I can't comment on that portion...but
> again..it's come up in the past...check the archives for -isp, -security and
> -ipfw.
>
> ~elh
>
> --
> Eric L. Howard e l h @ o u t r e a c h n e t w o r k s . c o m
> ------------------------------------------------------------------------
> www.OutreachNetworks.com 313.297.9900
> ------------------------------------------------------------------------
> JabberID: elh@jabber.org Advocate of the Theocratic Rule
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
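
The quoted pkg-descr lists RFC 2338 compliance, multicast master announcements and plain text password authentication. As an added example (not part of the original message and not freevrrpd code), this Python code decodes an RFC 2338 advertisement payload, verifies its checksum and reports the authentication type, so an operator can check what a failover pair puts on the wire. build_advert and all sample values are constructed for illustration.

```python
import socket
import struct

AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP authentication header"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's complement checksum, as used for the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, addrs, auth_type=0, password=b"", adver_int=1):
    """Hypothetical helper: build sample advertisement bytes (test data only)."""
    hdr = struct.pack("!BBBBBB", 0x21, vrid, priority, len(addrs), auth_type, adver_int)
    tail = b"".join(socket.inet_aton(a) for a in addrs) + password.ljust(8, b"\x00")[:8]
    csum = inet_checksum(hdr + b"\x00\x00" + tail)  # checksum field zero while summing
    return hdr + struct.pack("!H", csum) + tail

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 message (IP payload, protocol 112) and list findings."""
    if len(pkt) < 16:
        raise ValueError("too short for a VRRPv2 message")
    vt, vrid, prio, count, auth_type, adver_int, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if vt != 0x21:  # version 2 in the high nibble, type 1 (ADVERTISEMENT) in the low
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 8 + 4 * count + 8:  # header + addresses + 8 bytes of auth data
        raise ValueError("length does not match Count IP Addrs")
    addrs = [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    findings = []
    if inet_checksum(pkt) != 0:  # a valid message sums to zero, checksum included
        findings.append("bad checksum")
    if auth_type == 0:
        findings.append("no authentication")
    elif auth_type == 1:
        findings.append("password carried in clear text")
    elif auth_type not in AUTH_TYPES:
        findings.append("unknown auth type")
    if prio == 0:
        findings.append("priority 0: master is giving up the address")
    return {"vrid": vrid, "priority": prio, "adver_int": adver_int, "addresses": addrs,
            "auth": AUTH_TYPES.get(auth_type, "unknown"), "findings": findings}

if __name__ == "__main__":
    # Constructed sample: VRID 1, priority 100, one virtual address, text password.
    sample = build_advert(1, 100, ["192.0.2.1"], auth_type=1, password=b"secret")
    print(parse_advert(sample))
```

With auth type 1 the eight authentication bytes are the password itself, readable by any host on the segment that receives the multicast, so the field guards against misconfiguration rather than against a hostile neighbour.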