On Mon, 2003-12-15 at 19:13, Nik Engel wrote:
> Hi all !
>
> I want to set up shorewall in a redundant firewall scenario. I have two
> identical servers equipped with 3 nics each. Both are running shorewall
> and have an identical set up. On both systems Debian Woody is
> installed. Has anybody experience with a redundant scenario? I have read
> about vrrp which can provide a protocol for this application.
>
> any help appreciated ...
>
> thanks
> Nik
>
Look at keepalived (http://keepalived.sourceforge.net/) to handle VRRP
and basic system monitoring. You could easily set up a redundant
Shorewall installation with that to handle the IP portion and some
simple scripts to ensure that the configs remained consistent. What you
will not have is stateful failover so all of your big FTPs or HTTP
downloads will be dropped, etc. This is not a Shorewall limitation,
rather a netfilter limitation.
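
One way to write the kind of consistency check the reply mentions, as an added example that is not part of the original message or of Shorewall or keepalived. It assumes each node keeps its Shorewall config in a single directory and that GNU find, sort, xargs and sha256sum are available; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: detect Shorewall config drift between two firewall nodes.
# Assumption: each node's config lives in one directory (e.g. /etc/shorewall).

# Print one SHA-256 covering every relative file name and its content under $1.
config_digest() {
    [ -d "$1" ] || return 2
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum ) |
        sha256sum | cut -d' ' -f1
}

# Return 0 when both directories hold identical configs, 1 on drift,
# 2 when either directory is missing.
configs_in_sync() {
    a=$(config_digest "$1") || return 2
    b=$(config_digest "$2") || return 2
    [ "$a" = "$b" ]
}

# Build a constructed pair of config directories and report their state.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/fw1" "$tmp/fw2"
    for n in fw1 fw2; do
        printf 'loc\tnet\tACCEPT\nnet\tall\tDROP\n' > "$tmp/$n/policy"
        printf 'ACCEPT\tnet\tfw\ttcp\t22\n' > "$tmp/$n/rules"
    done
    configs_in_sync "$tmp/fw1" "$tmp/fw2" && echo "in sync"
    # Simulate a rule that was added on one node only.
    printf 'ACCEPT\tnet\tfw\ttcp\t443\n' >> "$tmp/fw2/rules"
    # On drift, list which files differ (names only, no content).
    configs_in_sync "$tmp/fw1" "$tmp/fw2" || diff -rq "$tmp/fw1" "$tmp/fw2" || true
    rm -rf "$tmp"
}
demo
```

In use, the second directory would be a copy of the peer node's config fetched over an authenticated channel, and a non-zero result would raise an alert before a failover exposes the mismatch.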