John Brahy wrote: > I was hoping to get some suggestions on the best way to handle this. We just > put a DSL line for inet backup and I'd like to have it automagically > failover. > > We are running OpenBSD 3.9 -stable on a box with four interfaces. Currently > we have one interface connected to our private network and one interface > connected to our router. > > I could connect the DSL router and the t-1 router directly to my firewall on > two seperate interfaces and maintain two seperate pf.conf files and manually > change the active interface. > this isn't what I want to do but I know it will work. > > What are my other options? I'd like to have it automatically fail over but > I'm not sure what is required to do that. > > Thanks, > > John > > I do have a similar setup, but in my case, i have two ADSL routers, from 2 different ISP's. And each router is on a separate interface, and i do have one internal network and 2 dmz's. Both the routers support snmp queries. I do use one pf.conf file, with one anchor for the balancing. Then, to detect the link state, i use ifstated with some scripts that check the WAN link and the interface that connect with the router link. If the WAN link fall, then i use pfctl to load rules in my anchor directing traffic to the other link, and vice-versa, and i do reboot my router (many of them works better after rebooting). If the link come back, the ifstated daemon detects it, and load rules again for doing load balancing. This setup works great. I do incoming routing too.
My 2 cents, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
