I list, I''m looking for a solution of fw redundancy i got this: WAN CUSTOMERS ! ! ! ! Shorewall FW Box ! ! ! ! Admin CORPORATE Zone (NAT) Admin Zone is NATed to Wan thru FW (Local IPs zone) CUSTOMERS is bridged to WAN thru FW (Public IPs zone) CORPORATE is bridged to WAN thru FW (Public IPs zone) FW uses QoS & BW limiting I''d like to achieve this: WAN CUSTOMERS WAN CUSTOMERS ! ! ! ! ! ! Link (pfsync) ! ! Shorewall FW Box <=====================> Backup FW Box ! ! ! ! ! ! ! ! Admin CORPORATE Admin CORPORATE Zone (NAT) Zone (NAT) Two shorewall firewalls linked to each other, so that their config is always synched and automatic failover can work. UCARP (http://www.ucarp.org/project/ucarp) seems interesting for that, has anybody used shorewall along ucarp to deal with automatic failover? Are there any other ways to do that? Tristan ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
Tristan DEFERT wrote:> I list, > I''m looking for a solution of fw redundancy > > i got this: > ... > I''d like to achieve this: > ... > Two shorewall firewalls linked to each other, so that their config is > always synched and automatic failover can work. > > UCARP (http://www.ucarp.org/project/ucarp) seems interesting for that, > has anybody used shorewall along ucarp to deal with automatic failover? > Are there any other ways to do that?There are a number of ways to achieve this. UCARP is one of them, another (what i use) is heartbeat clustering. A search of this mailing list''s archives should give you some good hints. Useful keywords might be failover and redundancy. Paul ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
Paul Gear wrote on 13/03/2006 20:03:46:> Tristan DEFERT wrote: > > I list, > > I''m looking for a solution of fw redundancy > > > > i got this: > > ... > > I''d like to achieve this: > > ... > > Two shorewall firewalls linked to each other, so that their config is > > always synched and automatic failover can work. > > > > UCARP (http://www.ucarp.org/project/ucarp) seems interesting for that, > > has anybody used shorewall along ucarp to deal with automaticfailover?> > Are there any other ways to do that? > > There are a number of ways to achieve this. UCARP is one of them, > another (what i use) is heartbeat clustering. A search of this mailing > list''s archives should give you some good hints. Useful keywords might > be failover and redundancy. > > PaulIIRC, someone said he/she would do a how-to covering this topic. It would be a very good addition to the site. ;-)