Failover of FreeBSD firewall with ipfw/natd
Martin Jessa
freebsd at yazzy.org
Sun Jan 11 13:56:50 PST 2004
Hi.
This may help:
http://www.ezunix.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=69&page=1
On Sat, 10 Jan 2004 20:03:32 -0500
"Eric L. Howard" <elh at outreachnetworks.com> wrote:
> At a certain time, now past [Jan.10.2004-10:36:48AM -0600], dap99 at i-55.com spake thusly:
> > Apologies for the first empty post.
> >
> > I am running FreeBSD 4.8-REL with ipfw and natd. My firewall has a primary
> > IP address and several other IP addresses aliased on the public interface.
> > This firewall serves as a gateway and performs NAT for a set of servers
> > offering web, email, and HTTPS. We have two machines that can serve as the
> > firewall: One is the primary firewall, and the second can be brought up
> > manually as the firewall in case of a failure of the first machine.
> >
> > I would like to automate the process of failover for the firewall.
>
> This has come up in the past...did you check the archives?
>
> [admin at zechariah ports]$ make search key=freevrrp
> Port: freevrrpd-0.8.7
> Path: /usr/ports/net/freevrrpd
> Info: This a VRRP RFC2338 Compliant implementation under FreeBSD
> Maint: spe at bsdfr.org
> Index: net
> B-deps:
> R-deps:
>
> [admin at zechariah freevrrpd]$ less pkg-descr
> freevrrpd is a VRRP (Virtual Router Redundancy Protocol) implementation
> daemon under FreeBSD. freevrrpd is part of the High UpTime project.
> This daemon has been rewritten from scratch and is not based on
> existing projects. In this second public release, you can find:
>
> * A daemon RFC 2338 Compliant adapted on FreeBSD systems
> * Implementation of Virtual Adresses
> * Support for multiples VRID
> * Master announce state by sending multicast packets via BPF
> * Changing routes and IP in 3 seconds
> * Doing gratuitous ARP requests to clean the cache of all hosts
> * Election between different slave servers
> * Same host can be Slave and Master at the same time
> * Automatic Downgrade to Slave if a Master is up again
> * Anti-Address Conflict system
> * Multi-threaded vrrp daemon
> * Plain text password authentication
> * Using now only one BPF device for all VRID
> * Support netmask for Virtual IP addresses
> * Support for monitored circuit and dependances between VRIDs
>
> WWW: http://www.bsdshell.net/
>
> I don't use ipfw or natd...so I can't comment on that portion...but
> again..it's come up in the past...check the archives for -isp, -security and
> -ipfw.
>
> ~elh
>
> --
> Eric L. Howard e l h @ o u t r e a c h n e t w o r k s . c o m
> ------------------------------------------------------------------------
> www.OutreachNetworks.com 313.297.9900
> ------------------------------------------------------------------------
> JabberID: elh at jabber.org Advocate of the Theocratic Rule
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
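
The freevrrpd description quoted above lists RFC 2338 compliance, master announcements sent as multicast packets, and "Plain text password authentication". The following is an added example, not part of the thread and not freevrrpd code: it parses an RFC 2338 advertisement and reports what the authentication field exposes to anyone on the segment. The function names, the sample packet, the password "example" and the address 192.0.2.1 are constructed for illustration.

```python
import socket
import struct

AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP Authentication Header"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrp_advert(payload: bytes) -> dict:
    """Parse an RFC 2338 advertisement (the payload of an IP protocol 112 packet)."""
    if len(payload) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    ver_type, vrid, prio, count, auth_type, adver_int, cksum = struct.unpack(
        "!BBBBBBH", payload[:8])
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count  # fixed header plus one 4-byte address per entry
    if len(payload) < end + 8:
        raise ValueError("truncated address list or authentication data")
    msg = payload[:end + 8]
    auth_data = msg[end:]  # 8 bytes, zero padded
    findings = []
    # The checksum covers the whole VRRP message with the checksum field zeroed.
    if inet_checksum(msg[:6] + b"\x00\x00" + msg[8:]) != cksum:
        findings.append("checksum mismatch")
    if auth_type == 0:
        findings.append("advertisements are unauthenticated")
    elif auth_type == 1:
        secret = auth_data.rstrip(b"\x00").decode("ascii", "replace")
        findings.append("password readable on the wire: %r" % secret)
    return {
        "vrid": vrid, "priority": prio, "adver_int": adver_int,
        "addresses": [socket.inet_ntoa(msg[i:i + 4]) for i in range(8, end, 4)],
        "auth": AUTH_TYPES.get(auth_type, "unknown (%d)" % auth_type),
        "findings": findings,
    }

def build_sample(password: bytes = b"example") -> bytes:
    """Constructed advertisement: VRID 1, priority 100, one address, auth type 1."""
    body = socket.inet_aton("192.0.2.1") + password.ljust(8, b"\x00")[:8]
    head = struct.pack("!BBBBBB", 0x21, 1, 100, 1, 1, 1)
    return head + struct.pack("!H", inet_checksum(head + b"\x00\x00" + body)) + body

if __name__ == "__main__":
    print(parse_vrrp_advert(build_sample()))
```

With auth type 1 the shared password sits unencrypted in the last 8 bytes of every advertisement, so it guards against misconfiguration rather than against a host on the same LAN.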