redundant linux firewall

Discussion in 'Linux Networking' started by Aditya Ivaturi, Jun 10, 2004.

  1. We have designed a custom iptables-based Linux firewall. This firewall
    guards 3 web servers and a mail server. Recently it died on us due to a
    faulty RAM module (in hindsight we should have tested it). This prompted
    us to look for a failover firewall which will eventually lead to a highly
    available setup. This failover machine need not be identical in
    configuration, but the sessions and iptables etc. need to be synced. I did
    some research into tools that'll help me do this and I came across a few
    projects which address this in one way or the other: Linux-HA
    (http://linux-ha.org/), Fake (http://www.vergenet.net/linux/fake/) and
    UltraMonkey (http://www.ultramonkey.org/).

    Any suggestions on which one might be a better solution for our situation or
    are there any other projects which are better? Any light on some pros and
    cons (from real world experience and not what is written on the web page)
    would be great. Thanks.

    --Turi
     
    Aditya Ivaturi, Jun 10, 2004
    #1

  2. http://cvs.netfilter.org/netfilter-ha/

    [ Snip: Linux-HA ]

    Look for "The failover of the load balancer" here:
    http://www.linux-vs.org/HighAvailability.html

    You need an additional connection between the firewalls
    (for the "heartbeat"). In this kind of a setup though.
    Well, I guess this followup isn't great then ...

    Why one would want to use CARP rather than VRRP / HSRP:
    http://www.openbsd.org/lyrics.html
     
    Menno Duursma, Jun 19, 2004
    #2
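Whichever heartbeat or conntrack-sync project is chosen, a failover firewall only helps if its ruleset actually matches the primary's; the following script is an added example, not code from either poster or from any of the projects linked above. It normalizes two `iptables-save` dumps (dropping the timestamp/comment lines and the per-chain `[packets:bytes]` counters, which legitimately differ between hosts) and reports any drift. The three dumps are constructed sample data standing in for the primary, an in-sync standby, and a standby missing the mail-server rule; in practice you would feed it the real `iptables-save` output from each node.

```shell
#!/bin/sh
# Added example (not from the thread): check that a standby firewall carries the
# same iptables ruleset as the primary before trusting it for failover.
# Per-host noise in `iptables-save` output (comment/timestamp lines and the
# [packets:bytes] counters on chain policy lines) is stripped before comparing.
# The dumps below are constructed sample data.

PRIMARY_DUMP=$(mktemp)
STANDBY_DUMP=$(mktemp)
DRIFTED_DUMP=$(mktemp)

cat > "$PRIMARY_DUMP" <<'EOF'
# Generated by iptables-save v1.2.9 on Thu Jun 10 10:00:00 2004
*filter
:INPUT DROP [1234:567890]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [99:1000]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 192.0.2.10 -p tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.0.2.20 -p tcp --dport 25 -j ACCEPT
COMMIT
# Completed on Thu Jun 10 10:00:00 2004
EOF

# Same policy as the primary, different counters and timestamp: must compare equal.
cat > "$STANDBY_DUMP" <<'EOF'
# Generated by iptables-save v1.2.9 on Thu Jun 10 10:05:00 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [3:200]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 192.0.2.10 -p tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.0.2.20 -p tcp --dport 25 -j ACCEPT
COMMIT
# Completed on Thu Jun 10 10:05:00 2004
EOF

# Missing the mail-server rule: must be flagged as drift.
cat > "$DRIFTED_DUMP" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 192.0.2.10 -p tcp --dport 80 -j ACCEPT
COMMIT
EOF

# Drop comment lines and strip the trailing counter field from chain lines,
# e.g. ":INPUT DROP [1234:567890]" becomes ":INPUT DROP".
normalize_rules() {
    sed -e '/^#/d' -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*\]$/\1/' "$1"
}

# Return 0 when the two dumps describe the same ruleset, 1 otherwise.
# Differing lines are printed in diff format so the operator sees what is missing.
ruleset_drift() {
    a=$(mktemp); b=$(mktemp)
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    if diff "$a" "$b"; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return $rc
}

ruleset_drift "$PRIMARY_DUMP" "$STANDBY_DUMP" && echo "standby ruleset matches primary"
ruleset_drift "$PRIMARY_DUMP" "$DRIFTED_DUMP" || echo "standby ruleset has drifted"
```

Run it periodically from the primary (or from the heartbeat monitor) against a dump pulled from the standby; a non-zero exit means a takeover would expose the servers behind a stale policy, which is the failure mode the original question is trying to avoid.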