>   We are investigating firewall failover design. I have 
> searched the net and found that projects like LVS have it 
> mostly solved for their side but that netfilter lacks it.
> 
>   Of course, a simple failover of the firewall is available 
> using things like VRRP (KeepAlive software) but without state 
> synchronization, and that is precisely the part we need to 
> investigate.
> 
>   Is this issue solved in netfilter? How? Any ideas? Does it 
> work with kernel 2.4?
> 
>   Bear in mind I'm not talking about ISP redundancy but the 
> firewall itself, if possible set as an active/active failover 
> solution.

http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/netfilter-ha/

You want ct_sync, or connection tracking synchronization.  I am not sure what
its status really is, but I think it is in 'testing' or 'works for me'.

Regards,

P



------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
