[Gllug] High Availability firewall

Simon Morris simon.morris at cmtww.com
Fri Mar 31 14:49:34 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Somers wrote:
> Hi All,
> 
> I need a redundant firewall system that will failover in case of  
> hardware failure. A colleague recommends a couple of Cisco Pix 520s,  
> but in my opinion, we have better things to do with £5000.
> 
> The firewall will offer NAT to hosts on an internal network, and port  
> forward external requests to servers in a DMZ.
> 
> I have been looking at Linux-HA, which seems to be able to do  
> everything I need (I don't think we need stateful failover; keeping  
> active tcp sessions intact on failover isn't a requirement). I would  
> like to use shorewall to manage the firewall rules, as we have been  
> using it for a while and are happy with it.
> 
> Has anyone had experience with this? Is there an easier way to  
> achieve it than with linux-ha, for someone who has no experience  
> whatever in clustering?

I've set up Linux-ha (ultramonkey) a couple of times.

You could use heartbeat to have a virtual IP address that would fail
over between 2 NICs.

http://packages.debian.org/stable/admin/heartbeat

The rest of the high availability stuff like directord isn't really
suitable for what you are describing though.

Thanks

~sm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFELUF+tjeLJb8KijsRAiq/AKCh6kAX5r5qKjgAtobZO3xYIylywACggrN4
JeDZIPThSiyfEeFW330HBPE=
=6OGE
-----END PGP SIGNATURE-----
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



