Re: Redundant interfaces
Hello .*,
Blars Blarson wrote:
> smartin@milliways.cl writes:
> >I have installed and configured a firewall using woody and the
> >standard 2.4.18 kernel that comes with it. I am using iptables.
> >
> >The server has 2 interfaces, and I now have the requirement of setting
> >it up so that the 2 interfaces have the same IP, so in case one of the
> >cards, or associated hardware, goes down then the firewall stays
> >visible.
>
> Using the same IP on multiple interfaces on different segments works
> just fine. (Except dhcpd, which doesn't understand this configuration.)
> Proxy arp routing is used, so no other system needs to know about this.
>
> For backup use, I'd configure them both with the same ethernet address
> and leave one down until it looks like the other has failed. However,
> I wouldn't recommend this configuration, since it adds additional
> possible failures (of the switch code) when the situation being
> allowed for is unlikely. If you are that paranoid, you should have
> duplicate segments throughout your network.
An easy way to do what you are asking for is to put both your interfaces
into a bridge group. Both interfaces will receive a pseudo ethernet hardware
address, and will be logically available under a new "br0" (or whatever name
you choose for it) virtual ethernet interface.
You may take a look at this:
http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/
And especially there:
http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/practical-example.html#AEN590
Regards, J.C.