Date:      Fri, 10 Aug 2001 09:26:56 -0700
From:      "John Van Boxtel" <jvb@whoowl.com>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: distributed natd
Message-ID:  <010c01c121b9$461f3040$6b00a8c0@vanbo.whoowl.com>
References:  <Pine.BSF.4.21.0108101222250.54541-100000@lhotse.zaraska.dhs.org>

> Next, I don't know whether they should communicate over TCP or UDP. I
> would use UDP since it might be faster and it allows broadcasts (one
> firewall broadcasting changes to all others on the secure network) but is
> unreliable. A persistent TCP connection may be also considered.

The persistent TCP connection could be used well, as if the connection
dropped this could signal that the other gateway is down for whatever
reason.  This would not be useful for telling if that gateway no longer has
an upstream connection, but it would definitely let you know that the gateway
is no longer available (i.e. power lost, hardware failure, etc.)

> It is however not clear to me how and how often you want to check if
> firewall is alive.

See above, this would instantly let you know it's gone, but it would only
tell you that the gateway is dead, not when the gateway is up but its
upstream is down.

Interesting stuff :-)

JVB
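The distinction the reply draws (a peer whose TCP session drops, versus a peer that is still reachable but has lost its upstream) as an added example that is not part of the original thread or of natd: a heartbeat over a persistent loopback TCP connection in which each heartbeat also carries the sending gateway's own upstream-check result. The JSON message format, the timeout value and the upstream flag (a constructed boolean rather than a real probe) are assumptions made for the example.

```python
import json
import socket
import threading
import time

# Added example, not from the thread: one gateway ("peer") streams heartbeats
# to another ("monitor") over a persistent TCP connection. The connection
# ending tells the monitor the peer gateway itself is gone; a heartbeat whose
# upstream_ok field is false tells it the peer is alive but its upstream is
# down; silence on an open connection tells it the peer is wedged.
HEARTBEAT_TIMEOUT = 0.5  # seconds of silence before the peer is declared unresponsive


def peer_gateway(conn, upstream_flags, hang=False):
    """Peer side: send one heartbeat per entry in upstream_flags (constructed
    results of the peer's own upstream check), then either close the
    connection (gateway died) or keep it open and go silent (gateway wedged)."""
    try:
        for seq, ok in enumerate(upstream_flags):
            hb = {"seq": seq, "upstream_ok": ok}
            conn.sendall((json.dumps(hb) + "\n").encode())
        if hang:
            # Wedged peer: connection stays up but no more heartbeats arrive.
            time.sleep(HEARTBEAT_TIMEOUT * 3)
    finally:
        conn.close()


def monitor_peer(conn, timeout=HEARTBEAT_TIMEOUT):
    """Monitor side: consume newline-delimited heartbeats and return the list
    of observed states. 'peer_down' when the TCP connection ends (EOF or
    reset), 'peer_silent' when no heartbeat arrives within the timeout,
    'upstream_down' when the peer reports its upstream check failed."""
    conn.settimeout(timeout)
    events = []
    buf = b""
    while True:
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            events.append("peer_silent")
            break
        except OSError:  # e.g. ECONNRESET: peer vanished abruptly
            events.append("peer_down")
            break
        if not chunk:  # orderly close: the peer gateway is gone
            events.append("peer_down")
            break
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            hb = json.loads(line)
            events.append("ok" if hb["upstream_ok"] else "upstream_down")
    conn.close()
    return events


def simulate(upstream_flags, hang=False):
    """Run peer and monitor over loopback TCP and return the monitor's events."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    client = socket.create_connection(("127.0.0.1", port))
    t = threading.Thread(target=peer_gateway, args=(client, upstream_flags, hang))
    t.start()
    conn, _ = srv.accept()
    srv.close()
    events = monitor_peer(conn)
    t.join()
    return events


if __name__ == "__main__":
    print(simulate([True, True, False]))   # peer alive, loses upstream, then dies
    print(simulate([True], hang=True))     # peer alive but stops talking
```

The point the reply makes shows up in the two runs: the dropped connection alone only yields "peer_down", and the upstream failure is visible only because the peer reports it in-band. A real deployment would also want the monitor to treat "peer_silent" differently from "peer_down", since a wedged peer may still hold its NAT state.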