[Gllug] High Availability firewall
Simon Morris
simon.morris at cmtww.com
Fri Mar 31 14:49:34 UTC 2006
Julian Somers wrote:
> Hi All,
>
> I need a redundant firewall system that will failover in case of
> hardware failure. A colleague recommends a couple of Cisco Pix 520s,
> but in my opinion, we have better things to do with £5000.
>
> The firewall will offer NAT to hosts on an internal network, and port
> forward external requests to servers in a DMZ.
>
> I have been looking at Linux-HA, which seems to be able to do
> everything I need (I don't think we need stateful failover; keeping
> active tcp sessions intact on failover isn't a requirement). I would
> like to use shorewall to manage the firewall rules, as we have been
> using it for a while and are happy with it.
>
> Has anyone had experience with this? Is there an easier way to
> achieve it than with linux-ha, for someone who has no experience
> whatever in clustering?
I've set up Linux-ha (ultramonkey) a couple of times.
You could use heartbeat to have a virtual IP address that would fail
over between 2 NICs.
http://packages.debian.org/stable/admin/heartbeat
The rest of the high availability stuff like directord isn't really
suitable for what you are describing though.
Thanks
~sm
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug