Re: Pseudo-cluster firewall

To: R.DElia@starcomitalia.com
Cc: debian-security@lists.debian.org
Subject: Re: Pseudo-cluster firewall
From: Duncan Simpson <duncan@commercialuk.com>
Date: 03 Nov 2004 11:47:09 +0000
Message-id: <1099482430.17682.21.camel@duncan>
In-reply-to: <WorldClient-F200411022055.AA55240018@starcomitalia.com>
References: <WorldClient-F200411022055.AA55240018@starcomitalia.com>

On Tue, 2004-11-02 at 19:55, Raffaele D'Elia wrote:
> Hi all,
> 
> I have a firewall with 3 NICs (LAN,DMZ,ROUTER); this is a single point of
> failure, of course! I've decided to build a backup firewall, with similar
> hardware (just in case) and the same config.
> Now the problem: I have only a cross-over cable from the router to the
> firewall, so I cannot connect the backup firewall.
<all the rest snipped>

The usual advice is *not* to connect two firewalls in parallel, lest
traffic that should not can get throught the other. You could keep the
other firewall as a spare that can be quickly applied if your current
one fails. (I use an known clean CD image in a similar fashion).

Sold state switches are pretty reliable these days but I can not get one
in a box for the middle of an ethernet cable, so you would have to make
one---the components are cheap but breadboard and scopes are not.

Reply to:

Follow-Ups:
- Re: Pseudo-cluster firewall
  - From: Michael Stone <mstone@debian.org>

References:
- Pseudo-cluster firewall
  - From: "Raffaele D'Elia" <R.DElia@starcomitalia.com>

Prev by Date: Re: doing an ssh into a compromised host
Next by Date: Re: Pseudo-cluster firewall
Previous by thread: Re: Pseudo-cluster firewall
Next by thread: Re: Pseudo-cluster firewall
Index(es):
- Date
- Thread