Re: cluster on firewall?

[Gabriel Granger <gabe@bdmedia.co.uk>]

Glen Mehn wrote:

> Haim Ashkenazi wrote:
>
> > Hi
> >
> > I have setup a firewall with 4 legs as follows:
> >         * One leg goes to the router (cisco).
> >         * Second leg goes to a switch connected to the internal network
> >           (10.20...).
> >         * The third and fourth legs are both for the dmz. one goes to a
> >           switch with many dmz hosts connected to it, and the other goes
> >           directly to an isolated dmz host (which the firewall acts as a
> >           proxy-arp for it).
> >
> > I've used woody+iptables+shorewall for this setting.
> >
> > Now, since the firewall is the most critical host, I want to setup some
> > kind of failsafe, so even if that host dies all the traffic will go
> > through another host.
> >
> > Since I don't even have an idea where to start, I'll appreciate any
> > ideas/comments/pointers to documentations, etc...
> >
> > thanx
>
> have a look at linux-virtual-server
> http://linux-vs.org
>
> -g
Ever thought about using vrrpd? a friend of mine uses that for his web 
servers, it allows you virtually share an IP address, as soon as the 
primary machine with the virtual IP goes down the secondary machine 
takes over.  I'm thinking of using this as my firewall / router for a 
new project. It works really well I might add.

   - Regards -

            Gabe