On Wednesday 28 January 2004 08:39 am, Karyl F. Stein wrote:
> rp to feed a DMZ. Are other people doing this
> and if so how?
> My main problem is that I would like to have each firewall running at the
> same time with a set of firewall rules. This is because I want the backup
> to be able to reach the Intranet as well as the Internet, but want that
> access controlled by iptables rules. (The firewalls are DHCP and NTP
> servers for the Intranet, grab configuration from the Intranet, are
> contacted by a tape backup system on the Intranet, etc.) I would also
> like the backup firewall to handle all the DNS queries from the Internet
> and Intranet in order to offload that from the primary. The issue is that
> when the proxyarps are set up, each firewall will answer ARP requests. Is
> there some way to make the primary the only firewall answering ARP
> requests for the DMZ hosts?
Sounds to me like you need two Shorewall configurations -- one for use when
running as the backup and one to use when running as the primary.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net